60% of spam activity comes from the USA, Russia and Ukraine

The Data 61 research team at the Commonwealth Scientific and Industrial Research Organization (CSIRO) presented a summary report, entitled FinalBlacklist. It analyzes various types of malicious activity, from phishing to malware attacks. In particular, it says that 60% of spam activity comes from the USA, Russia and Ukraine.

Experts claim that their report is the first and largest publicly available data set of this kind and is based on 51.6 million different reports of malicious online activity and 662,000 unique IP addresses around the world.

To analyze such a large amount of data, researchers used machine learning and divided malware into six classes: malware, phishing, fraudulent services, potentially unwanted programs, exploits and spam.

“Public reports of malicious online activity are commonly used inthe form of blacklists by intrusion detection systems, spam filtersand alike to determine if a host is known for suspicious activity.However very little is known about the dynamics of the reportingof malicious activities. Understanding what has been reported andhow the reported activity evolves over time can be of paramountimportance to help assess the efficacy of blacklist-based threat pre-vention systems.”, — say Data 61 researchers.

Data 61 experts believe that on the Internet is almost no open and publicly available data that would help deal with global trends and patterns in the landscape of cyberthreats.

Certainly are found scattered data sets, but they mostly often belong to private companies and, according to analysts, do not bring much profit.

Read also: PDFex attack extracts data from encrypted PDF files

In their report, Data 61 experts draw a number of interesting conclusions:

1. more than 60% of all spam activity from 2007 to 2017 was generated by the United States, Russia and Ukraine;
2. the most difficult to eliminate threats usually come from China;
3. one particular Amazon cloud server turned out to be a malicious recidivist and constantly turned out to be connected with the spread of exploits (researchers explain that this is simply a cheap and convenient resource for attackers);
4. as for phishing, this activity is constantly growing, and in 2017 phishing already accounted for 30% of the total amount of all malicious activity in general.