Most cyber-attacks come from the U.S.A., not red-flag countries

If you think you’re safe from a cyber-attack because you block “red-flag” countries such as Iran, Russia, North Korea, and China, think again. Most attacks are home grown.

A new report from security company Sucuri concluded that most malicious attacks originate in the United States. About 38 percent of all attacks came from the U.S., with 11 percent of these originating in California (which is my home state, and no, I was not one of the hackers). The number of U.S.-based attacks dwarfed the second-most common staging area for attackers: India with 7 percent.

The research conducted by Sucuri involved analysis of nearly 500-million blocked attacks that were intercepted by its software.  According to the report, the attacks included “SQL injection, brute force attempts, and a variety of other exploit attempts.” The researchers traced the origin of the attacks via geolocation.

cyber attacks by country (photo credit: Sucuri -
photo credit: Sucuri (

The results were not surprising to the researchers. As Sucuri founder and CTO told, “There are misconceptions that attacks only come from red-flag countries and by blocking them you’re now safe… we knew that from previous analysis… even though a partial geo-blocking may be effective as a noise reducer, it won’t really stop most attacks.”

So with this information in mind, what can security experts do to better protect their company? Sucuri advocates a more nuanced approach than blocking traffic simply using well-known but limited data such as the perceived threats from red-flag countries. The report concludes that “you can’t just block attackers using one specific bit of data… do not base decisions solely on that data.”  Instead, those in charge of keeping networks safe from cyber-attacks must be willing to more thoroughly analyze data at both a macro and micro level.

It is no longer enough to trust previous methodology to fight security breaches. Just as attacks evolve, cybersecurity experts must evolve in their approach. It may be more difficult, but in the end you could protect your data in a much more efficient manner. As the Sucuri report stated in its concluding sentence, “sometimes what we think we know is further from reality than we realize.”



About The Author

Leave a Comment

Your email address will not be published. Required fields are marked *

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Scroll to Top