Global Variation in Attack Encounters and Hosting

Countries vary greatly in the extent to which their computers encounter and host attacks. Empirically identifying factors behind such variation can provide a sound basis for policies to reduce attacks worldwide. However, the main current approach to identify these factors consists of expert opinions with limited empirical validation. In this work, we empirically test hypotheses regarding social and technological factors behind such international variation. We use Symantec's Intrusion Prevention System (IPS) telemetry data collected from around 10 million Symantec customers worldwide. We find that web attacks and fake applications are most prominent in Western Europe and North America. Our results indicate a relationship between countries' wealth and technological sophistication and attack exposure, indicating that attackers probably target developed countries to maximize their profits. Moreover, Eastern Europe hosts disproportionate quantities of attacks. Our statistical analysis reveals a relationship between attack hosting and the combined effect of widespread corruption and computing resources. Surprisingly, China is not among the top 10 attack hosting countries and Africa hosts the smallest quantities of attacks. Our work has important policy implications.