Malicious Code Trends

Malicious Code Trends | Top Malicious Code Families | Analysis of Malicious Code Activity by Geography, Industry Sector and Company Size | Propagation Mechanisms | Industrial Espionage: Targeted Attacks and Advanced Persistent Threats (APTs) | TRIAGE Analysis of Targeted Attacks

Analysis of Malicious Code Activity by Geography, Industry Sector and Company Size


Malicious code activity trends can also reveal patterns that may be associated with particular geographical locations, or hotspots. This may be a consequence of social and political changes in the region, such as increased broadband penetration and increased competition in the marketplace that can drive down prices, increasing adoption rates. Of course there may also be other factors at work, based on the local economic conditions that may present different risk factors. Similarly, the industry sector may also have an influence on an organization’s risk factor, where certain industries may be exposed to different levels of threat, by the nature of their business.
Moreover, the size of an organization can also play a part in determining their exposure to risk. Small to medium-sized businesses (SMBs) may find themselves the target of a malicious attack by virtue of the relationships they have with other organizations; for example, a company may be subjected to an attack because they are a supplier to a larger organization and attackers may seek to take advantage of this relationship in forming the social engineering behind subsequent attacks to the main target, using the SMB as a springboard for these later attacks. SMBs are perceived to be a softer target as they are less likely to have the same levels of defense-in-depth as a larger organization is more likely to have greater budgetary expenditure applied to their security countermeasures.


Analysis of malicious code activity based on geography, industry and size are based on the telemetry analysis from clients for of threats detected and blocked against those organizations in email traffic during 2011.
This analysis looks at the profile of organizations being subjected to malicious attacks, in contrast to the source of the attack.


Figure B.8. Proportion of email traffic identified as malicious - by industry sector, 2011. Source:
Figure B.9. Proportion of email traffic identified as malicious - by organization size, 2011. Source:
Figure B.10. Proportion of email traffic identified as malicious - by geographic location, 2011. Source:


  • The rate of malicious attacks carried by email has increased for eight of the top-ten geographies being targeted; malicious email threats fell in 2011 for organizations in both Vietnam and China.
  • Businesses in the Republic of Korea (South Korea) were subjected to the highest average ratio of malicious email-borne email in 2011, with 1 in 94.2 emails blocked as malicious, compared with 1 in 209.6 in 2010.
  • Globally, organizations in the Government and Public sector were subjected to the highest level of malicious attacks in email traffic, with 1 in 41.1 emails blocked as malicious in 2011, compared with 1 in 65.7 for 2010.
  • Malicious email threats have increased for all sizes of organizations, with 1 in 205.1 emails being blocked as malicious for large enterprises with more than 2,500 employees in 2011, compared with 1 in 259.7 in 2010.
  • 1 in 267.9 emails were blocked as malicious for small to medium-sized businesses with between 1-250 employees in 2011, compared with 1 in 300.0 in 2010