Each Internet package have a source and destination address. Even though the Internet addresses does not perfectly match the physical addresses you can locate them to a country with extremely high precision, and often to a specific city as well. There are also devices which can scan a package and guess if it is part of a cyber attack or not. This is what a firewall does bet these devices can now be very sophisticated. Again the accuracy of these devices is not perfect, the more packages it gets from an attack the more accurate it is. But it is able to block most of the attacks or at least warn network operators about the potential attacks.

Collecting worldwide statistics however is a different challenge. A lot of these firewalls and intrusion detectors are installed deep inside the network of corporations or service providers. And they do not want to give away this data without getting anything in return. Especially considering the potential privacy issues. But there are security providers who will help detect and mitigate attacks against you provided that you share some of your statistical data with them so they can use this. The data is anonymized as best as practically possible but things like origin and destination country is not that important. These companies often provide such attack maps as a way to raise awareness of the various cyber attacks that is taking place all the time hoping that more people will buy their products in order to protect themselves.