While the United States, Holland, France, Russia and the UK host the Tor exit nodes, most malicious traffic appears to be coming out of nodes hosted in america, Holland, Romania, France, and Luxembourg.

The recorded assaults that conceal their source using Tor appear to be targeting the Communications and Info sector mainly, followed by Instruction, Finances and Insurance, Production, and Wholesale and Retail businesses.

Attackers use Tor for concealing vulnerability scanning and SQL injections

If IBM had not been a tightly managed corporation that carefully observes its press releases, this would have been the perfect spot to add an SMH (Shaking My Head) GIF.

Second on the listing of favored strikes to be carried out via Tor is vulnerability scanning strikes, followed by the DDOS floodings that are well-known.

While vulnerability scanning is now readily detectable by most enterprise-level firewalls, Tor provides a means for attackers rapidly shift their way out node when its IP is found and prohibited but also to not conceal their actual place.

As for DDOS attacks, Tor exit nodes in the US appear to be the favored ones for a lot of attackers, mostly since they offer bandwidths that are larger in comparison to other nodes around the world.