U.S. Computers Account for Most Attacks
People like myself are frequently guilty of blaming crime blocs in Eastern Europe, Russia and the Far East for generating the majority of today's cyber-attacks, but the truth is that far more threats are being leveled at users from computers based here in the United States than from any other country in the world.
In fact, according to a research report issued today, Sept. 22, by hosted security management specialist SecureWorks, computers located in the United States accounted for well over twice as many attacks thus far in 2008 (20.6 million) as did China (7.7 million) the second most popular locale for such activity.
SecureWorks calibrated its figures based on the volume and variety of threats that it has intercepted on the part of its customers over the last nine months.
Now, this finding may indicate that more attackers are working on the ground in the States, or it may mean that foreign criminals have gained control over more machines here than anywhere else, but it certainly points to some serious security problems within U.S. borders, whether they take the form of criminal activity or insufficiently protected endpoints.
Following the United States and China, Brazil and Korea ranked next with over 160,000 attempted attacks apiece, Poland with over 150,000, Japan with 140,000, Russia with 130,000, Taiwan with 124,000, Germany with 110,000 and Canada with 107,000.
SecureWorks experts agreed that a high number of compromised zombie endpoints in the involved countries is likely contributing to the regional statistics, serving as a telling indicator of how much work remains to be done in protecting machines in those nations, which also have the globe's highest numbers of Web users.
"We believe these statistics are significant because it clearly shows that the United States and China have a lot of vulnerable computers that have been compromised and are being used as bots to launch cyber-attacks," Hunter King, security researcher for SecureWorks, wrote in a report summary. "This should be a warning to organizations and personal computer users that, not only are they putting their computers and networks at risk by not securing them, but they are actually providing these cyber-criminals with a platform from which to compromise other computers."
The findings also illustrate how it will be challenging to prevent targeted attacks motivated by regional issues, such as the denial-of-service campaigns carried out over the last year against targets in Estonia and Georgia, as the nations waged political and military battles with Russia.
Stopping a group of regionally motivated attacks is not as simple as merely blocking traffic from a particular country involved in such an incident, as assailants typically leverage zombie infrastructure located around the world to defeat such a straightforward defensive reaction, SecureWorks' experts noted.
"The Georgia/Russia cyber-conflict was a perfect example of this. Many of the Georgian IT staff members thought that by blocking Russian IP addresses they would be able to protect their networks; however, many of the Russian attacks were actually launched from IP addresses in Turkey and the United States, so consequently they were hit hard," Don Jackson, director of Threat Intelligence for SecureWorks, wrote. "This was a perfect example where we saw Russian cyber-criminals using compromised computers outside their borders."
Matt Hines has been following the IT industry for over a decade as a reporter and blogger, and has been specifically focused on the security space since 2003, including a previous stint writing for eWEEK and contributing to the Security Watch blog. Hines is currently employed as marketing communications manager at Core Security Technologies, a Boston-based maker of security testing software. The views expressed herein do not necessarily represent the views of Core Security, and neither the company, nor its products and services will be actively discussed in the blog. Please send news, research or tips to SecurityWatchBlog@gmail.com.