Malicious servers now located in 206 countries and territories: report

Malware activity has become so pervasive globally that attack servers communicating with malware are now hosted in 206 countries and territories, reveals FireEye, Inc.’s Advanced Threat Report.

The report reveals that enterprises are attacked on average once every 1.5 seconds. In 2012, FireEye reported malware attacks occurred once every three seconds. The increased frequency of use highlights the bigger role malware is playing in cyber attacks.

Malware attack servers, or command and control (CnC) infrastructure, have been placed in 206 countries and territories, up from 184 in 2012. The U.S., Germany, South Korea, China, the Netherlands, the United Kingdom, and Russia were home to the most CnC servers.

The top ten countries that were most frequently targeted by APTs in 2013 were:

1. United States

2. South Korea

3. Canada

4. Japan

5. United Kingdom

6. Germany

7. Switzerland

8. Taiwan

9. Saudi Arabia

10. Israel

The following verticals were targeted by the highest number of unique malware families:

1. Government

2. Services/consulting

3. Technology

4. Financial services

5. Telecommunications

6. Education

7. Aerospace/Defense

8. Government (State/Local)

9. Chemicals

10. Energy

In the first half of 2013, Java was the most common zero-day focus for attackers. In the second half of 2013, FireEye observed a burst of Internet Explorer (IE) zero-days used in “watering hole” attacks.

FireEye identified five times more web-based attacks than email-based attacks globally; per country, there were three times more web attacks than email attacks.

“The increasing frequency at which cyber attacks are happening illustrates the allure of malware to those with malicious intentions,” said Dr. Kenneth Geers, Senior Global Threat Analyst at FireEye. “Across the board, we are seeing a global expansion of APTs, malware, CnC infrastructure, and the use of publicly available tools to facilitate the attack process. The global scale of the threat has put cyber defenders in the very difficult position of not having any clue where the next attack will come from.”