author photo
By Bruce Sussman
Tue | Feb 26, 2019 | 8:01 AM PST

The world is watching Vietnam, and if your organization has operations there, then you should be watching too.

The reason is simple: Trump and Kim are meeting in Vietnam, and malware attacks follow President Trump and Kim Jong Un around. 

And sometimes the malware spikes follow their words and actions, as well.

This is according to research scientist Kenneth Geers, who has tracked sudden spikes of malware around the globe. 

"Malware is super dynamic, it's changing all the time, but it is a reflection of human affairs," says Geers.

One example is when Trump launched a war of words against North Korea, and another is when Kim Jong Un launched missiles over Japan.

"In the case of North Korea, I dropped it (the malware spike) on a timeline and then there was one huge spike in the middle of the year, and literally, it was the day after Donald Trump was at the UN threatening to destroy North Korea," he says.

"And one of the things I found is that the single highest day for malware detection in North Korea was the very day that Donald Trump was in South Korea. Those are not coincidences."

He shared other examples during our brief interview: 

Reasons malware outbreaks follow world leaders

There could be a few reasons malware rates spike around prominent world leaders. Perhaps it's because their visits, controversial statements, or actions shine a light on a specific place. 

Another theory Geers has is that reconnaissance plays a part in each of these malware spikes.

"My basic hypothesis in this kind of geopolitical analysis is that we’re looking at cyber espionage. When there’s a really big event like a North Korean missile launch over Japan, there’s at least a dozen intelligence services that are very interested in gathering information very quickly on what’s happening.”

Takeaways for your organization

So what are you supposed to do with this information that malware attacks skyrocket with major geopolitical events? 

Says Geers: "Know, for your enterprise, if there is something happening in your city or state, or an election or military tension between your country and another, there will be malware that is on the rise, I can promise you that, within your space."

This means you can give your security team a heads up to watch for malware spikes when a big event hits your corner of the world or involves your organization.

"I love understanding how it works from a who and why. Malware is always written by a threat actor for a particular purpose."

And we love learning unique insights like these at SecureWorld cybersecurity conferences. See our 2019 event calendar.

[Image credit: Kirkchai Benjarusameeros /]