Top Security Threats and Attackers by Country

Most internet security studies show that the countries producing the most malicious traffic are typically the United States, China, Brazil and Germany, recently joined by India. This should not really be any surprise, because these are the most populated countries, and the more people and PCs you have, the more attack traffic you are going to produce on average.

Incapsula conducted a study that monitored 200 million web sessions for a sample of 3000 websites that use Incapsula’s website security service. The average website had 135,000 monthly visitors (nice size!) and the traffic was monitored for a period of 14 days.

The study focused on the global distribution of cyber criminal activity and on the proportion of attack traffic among all visits from a given country. It also classified the malicious traffic into 4 categories according to the attackers’ objectives: Server Take Over (RFI, Directory Traversal, etc.), Data Theft (SQL Injections), Credential Theft (XSS) and general vulnerability scanning.


Website sample size: 3,000

Measurement period: August 1-14, 2012

Average Monthly sessions per website: 135,000

Total number of sessions: 200 Million

The study shows that Server Take Over attempts are by far the most common attack objective (yielding total control of the server and further repurposing for other criminal activity).

And furthermore: What is rotten in the two Kingdoms, with the United Kingdom and (the Kingdom of) Denmark leading the chart with the highest proportion of cyber criminal activity?

This could indicate either a very high proportion of cyber criminals or a very high infection rate among PCs with Internet access, which would be evidence of bad consumer PC hygiene.

Website Attack Types:

Server Takeover: This category includes exploiting web server vulnerabilities like Remote File Inclusion, Local File Inclusion and Directory Traversal. These security risks are the most widespread because they are effective and, moreover, very easy to automate. These attacks are mainly used for web server takeover, where a hacker can plant malware in the site’s code, deface the site or even use the web server as a bot for attacking other sites.
Data Theft: These attacks target an application’s underlying database and are explicitly designed to pilfer data. This weakness occurs when a web application does not properly sanitize user input and allows the attacker to affect the SQL statements that are executed by the database. This attack is mostly used for stealing sensitive data, bypassing authentication or even causing a Denial of Service.
Credentials Theft: Cross Site Scripting (XSS) is a method in which a hacker uses a weakness in the web application that allows the attacker to execute malicious code in the user’s browser. This attack can be used to steal user credentials, alter the site’s appearance or even redirect the user to sites that are hosting malware.
Vulnerability Scanning: Vulnerability scanners are tools that scan web applications to find security vulnerabilities. Some of them are commercial tools (such as Nessus, Qualys, Acunetix and WhiteHat Security) used by website owners to self-check their websites for security breaches, and some are self-developed by hackers, who use them to find security vulnerabilities on websites and then exploit these vulnerabilities for targeted attacks.
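
To make the study's two steps concrete (sorting each request into one of the four categories, then measuring attack traffic as a share of all visits from a country), here is an added example; it is not Incapsula's classifier and was not part of the original article. The signatures are deliberately simplified assumptions, the scanner check assumes the tool name appears in the User-Agent, and the country labels AA and BB and all sessions are constructed.

```python
import re
from collections import Counter, defaultdict
from urllib.parse import unquote_plus

# Simplified, illustrative signatures (assumptions, not a production rule set).
RULES = [
    # Directory traversal, or a parameter whose value is a remote URL (RFI).
    ("server_takeover", re.compile(r"\.\./|\.\.\\|=\s*(?:https?|ftp)://", re.I)),
    # SQL injection fragments.
    ("data_theft", re.compile(r"\bunion\b.+\bselect\b|'\s*or\s+\d+\s*=\s*\d+", re.I)),
    # Script injection (XSS).
    ("credential_theft", re.compile(r"<\s*script\b|\bon(?:error|load)\s*=|javascript:", re.I)),
]
SCANNER_UA = re.compile(r"nessus|qualys|acunetix", re.I)

def classify(request_uri, user_agent=""):
    """Return one of the four study categories, or None for a clean request."""
    # Decode twice so double-encoded payloads (%252e%252e%252f) are still seen.
    decoded = unquote_plus(unquote_plus(request_uri))
    for name, pattern in RULES:
        if pattern.search(decoded):
            return name
    if SCANNER_UA.search(user_agent):
        return "vulnerability_scan"
    return None

def attack_share_by_country(sessions):
    """sessions: iterable of (country, uri, user_agent).
    Returns {country: (attack share of all sessions, Counter per category)}."""
    totals, hits = Counter(), defaultdict(Counter)
    for country, uri, ua in sessions:
        totals[country] += 1
        category = classify(uri, ua)
        if category:
            hits[country][category] += 1
    return {c: (sum(hits[c].values()) / totals[c], hits[c]) for c in totals}

# Constructed sample sessions (not data from the study).
SAMPLE = [("AA", "/index.php?page=home", "Mozilla/5.0")] * 6 + [
    ("AA", "/index.php?page=..%2f..%2fetc%2fpasswd", "Mozilla/5.0"),
    ("AA", "/item?id=1+union+select+name,pass+from+users", "Mozilla/5.0"),
    ("BB", "/search?q=%3Cscript%3Ealert(1)%3C/script%3E", "Mozilla/5.0"),
    ("BB", "/about", "Mozilla/5.0"),
]

if __name__ == "__main__":
    for country, (share, cats) in attack_share_by_country(SAMPLE).items():
        print(country, f"{share:.0%}", dict(cats))
```

In the constructed sample, AA sends more attack sessions in absolute terms while BB has the higher proportion, which is the distinction between raw volume and the per-country ratio the study ranks by.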
