New FireEye Advanced Threat Report Reveals Global Expansion of Malware Attacks; Malicious Servers Now Located in 206 Countries and Territories

Report on 2013 Threats Details Evolving Tactics and Effective Infiltration of Attacks That Occurred Every 1.5 Seconds

FireEye, Inc. (NASDAQ: FEYE), the leader in stopping today’s advanced cyber attacks, today announced the release of its latest Advanced Threat Report, detailing malicious activities captured by the FireEye Security Platform throughout 2013. The report shows that malware activity has become so pervasive globally that attack servers communicating with malware are now hosted in 206 countries and territories.

Drawing on data gathered from nearly 40,000 unique cyber attacks (more than 100 per day) and over 22 million malware command and control (CnC) communications, the Advanced Threat Report provides a global look into cyber attacks that routinely bypass traditional defenses such as firewalls, next-generation firewalls, IPS, anti-virus, and security gateways.

The report provides an overview of the current threat landscape, evolving advanced persistent threat (APT) tactics, and the countries where advanced attacks are most prevalent today. In addition, it offers a detailed look at trends taking place in specific industries, as well as a case study on a sophisticated, sustained attack that was waged during the course of 2013.

Key findings in the Advanced Threat Report based on the data gathered by FireEye include:

  • Enterprises are attacked on average once every 1.5 seconds. In 2012, we reported malware attacks occurred once every three seconds. The increased frequency of use highlights the bigger role malware is playing in cyber attacks.
  • Malware attack servers, command and control (CnC) infrastructure, have been placed in 206 countries and territories, up from 184 in 2012. The U.S., Germany, South Korea, China, the Netherlands, the United Kingdom, and Russia were home to the most CnC servers.
  • The top ten countries that were most frequently targeted by APTs in 2013 were:

    1. United States
    2. South Korea
    3. Canada
    4. Japan
    5. United Kingdom
    6. Germany
    7. Switzerland
    8. Taiwan
    9. Saudi Arabia
    10. Israel

  • The following verticals were targeted by the highest number of unique malware families:

    1. Government
    2. Services/consulting
    3. Technology
    4. Financial services
    5. Telecommunications
    6. Education
    7. Aerospace/Defense
    8. Government (State/Local)
    9. Chemicals
    10. Energy

  • In the first half of 2013, Java was the most common zero-day focus for attackers. In the second half of 2013, FireEye observed a burst of Internet Explorer (IE) zero-days used in “watering hole” attacks.
  • FireEye identified five times more Web-based attacks than email-based attacks globally, and per country there were three times more Web attacks than email attacks.

“The increasing frequency at which cyber attacks are happening illustrates the allure of malware to those with malicious intentions,” said Dr. Kenneth Geers, senior global threat analyst at FireEye. “Across the board, we are seeing a global expansion of APTs, malware, CnC infrastructure, and the use of publicly available tools to facilitate the attack process. The global scale of the threat has put cyber defenders in the very difficult position of not having any clue where the next attack will come from.”

For a full copy of the Advanced Threat Report, please visit:

About FireEye, Inc.

FireEye has invented a purpose-built, virtual machine-based security platform that provides real-time threat protection to enterprises and governments worldwide against the next generation of cyber attacks. These highly sophisticated cyber attacks easily circumvent traditional signature-based defenses, such as next-generation firewalls, IPS, anti-virus, and gateways. The FireEye Threat Prevention Platform provides real-time, dynamic threat protection without the use of signatures to protect an organization across the primary threat vectors and across the different stages of an attack life cycle. The core of the FireEye platform is a virtual execution engine, complemented by dynamic threat intelligence, to identify and block cyber attacks in real time. FireEye has over 1,500 customers across more than 40 countries, including over 100 of the Fortune 500.

Media Contact

Vitor De Souza

FireEye, Inc.

(415) 699-9838

# # #

© 2014 FireEye, Inc. All rights reserved. FireEye is a registered trademark or trademark of FireEye, Inc. in the United States and other countries. All other brands, products, or service names are or may be trademarks or service marks of their respective owner.