California alone is the source of more cyberattacks than any other country.
California alone is the source of more cyberattacks than any other country.

Russia, Iran, China and North Korea are home to more than their fair share of cybercriminals, but the nation most responsible for housing malicious actors is the United States.

And of the 50 states and various American territories California holds the dubious honor of hosting the most bad guys within its borders, this according to a blog by Daniel Cid, Sucuri founder and CTO. Cid's study found that 38 percent of attacks originated in the United States with 11 percent coming from California, which by itself is more than any other individual country.

India came in a distance second place being responsible for 7 percent of the attacks, with China and Canada each generating 5 percent.

“There are misconceptions that attacks only come from red-flag countries and by blocking them you're now safe, or that one can quickly identify and block based on location,” Cid wrote, adding in a tweeted comment to, that he was not surprised by the U.S. being number one. "We knew that from previous analysis, but most people have a hard time believing."

(Source: Sucuri)

This data was derives from a Sucuri study that looked at about 500 million attacks that were blocked by Sucuri software during a recent 30-day period.

Some of the other data points generated were less surprising. Windows is the preferred operating system used to launch 45 percent of the attacks with Linux at 5 percent, iOS and Macintosh at two percent each.

Cid also found that Internet Explorer 6.0 was the browser preferred in 16 percent of the attacks, followed by Chrome, 13 percent; GoogleBot (Google's webcrawler), 11 percent; and Firefox at 4 percent. What was most revealing was the fact no user agent was set in about one-third of the attacks.

“What's really interesting from this data is that nearly a third of the exploit tools make no effort to set the user agent (i.e., 29% of the attacks had no user agents set). That is followed by MSIE/6, which is also a common browser “emulated” (faked) by exploit tools. When you combine these two, you have close to 50% of the user agents used by attackers and their exploit tools,” Cid wrote.

The 29 percent figure includes all type of attacks, including spam, brute force and exploit attempts, Cid told SCMagazine in a Tweet.

Updated July 28 to include Cid's Tweeted comments.