In the Cisco 2016 Midyear Cybersecurity Report, a key message about the risk of malware was that “no vertical is safe.” Judging from our researchers’ periodic examination of attack traffic (“block rates”) and “normal” or expected traffic by industry, this message held true in the latter half of the year.

In looking at verticals and their block rates over time (Figure 21), we see that, at some point over the course of several months, every industry has been subject to attack traffic and at varying levels. It’s clear that as attacks rise and fall, they affect different verticals at different times— but none are spared.

Regional Overview of Web Block Activity
Adversaries frequently shift their base of operation, searching for weak infrastructure from which they can launch their campaigns. By examining overall Internet traffic volume and block activity, Cisco threat researchers can offer insight on where malware is originating.

As Figure 22 shows, traffic from the United States edged up slightly from the block rates seen in the Cisco 2016 Midyear Cybersecurity Report. The United Stateshouses the far greater share of blocks, but this should be considered a function of the country’s far greater share of online traffic. In addition, the United States is one of the world’s largest targets of malware attacks.

The takeaway for security professionals: Much like the vertical web block activity, the regional web block activity shows that malware traffic is a global problem.

High