In talks with information security professionals at security conferences, user group events, and customer sites, Chester Wisniewski frequently fields questions about country-based blocking as a network defense tactic. Though he couldn’t find any published data to confirm his assumptions, “I couldn’t see any meaningful correlation between the countries from which traffic originates and attack patterns,” said Wisniewski, a principal research scientist at Sophos. So, in 2018, leveraging petabytes of malicious samples captured by SophosLabs, he launched his own project to determine if region-blocking was a practical weapon for slashing malware volumes. In his CyberCrime Symposium keynote, he detailed his findings and how attendees could apply the information to better defend their networks.

Malicious Matters

For his research, Wisniewski analyzed a month’s worth of malicious data. Beyond segmenting threats by type and location, he wanted to drill down to identify the countries of traffic origin, autonomous systems (ASs) — blocks of IP addresses controlled by ISPs and other large network operators — and sketchy ISPs.