Akamai Diversity

The Akamai Blog

State of the Internet in Q3 2011: Observations on Attack Traffic

To say that Web-based security attacks are on the rise would be an understatement. Consider this: in just the past three years, we've seen an eye-popping 2,000% increase in the number of DDoS attack incidents investigated on behalf of our customers.  

And while those DDoS numbers are not currently part of Akamai's State of the Internet report (Q3 2011 edition released today at  http://www.akamai.com/stateoftheinternet/), the attack traffic that we monitor and report on provides some interesting food for thought. State of the Internet report attack data is gathered from a distributed set of agents deployed across the Internet. Based on data collected by these agents, we're able to identify the top countries from which this observed attack traffic originates, as well as the top ports targeted by these attacks.

With the global Internet economy projected to double to nearly $4.2 trillion by 2016 (source: Boston Consulting Group, January 2012) there's clearly a lot at stake. Our data indicate that port-based attacks are still very active and are being launched from around the globe. And while it's hard to say exactly what the origin of this observed attack traffic is, it's likely not friendly. It could be individuals searching for easily compromised systems or botnets looking to recruit new participants (possibly from which to launch the next DDoS attack). Either way, its clear there's an ongoing need for solid network and systems hygiene to help prevent further system compromise and infection. When paired with DDoS attack figures, it's clear how important solid defense-in-depth is.

So where are the observed attacks coming from?

Of the global attack traffic we observed during the quarter, nearly half is originating in the Asia-Pacific region.

We also saw some interesting trends at the country level in that region. Indonesia vaulted to the top of the list in Q3, generating 14% of all observed attack traffic. Taiwan and China held the second and third place spots, respectively, accounting for just under 20% of attack traffic combined.

Myanmar, which suddenly appeared at the top of the list in the prior two quarters, disappeared just as suddenly, potentially indicating that attack traffic has either been shut down, or is now coming from other places. In addition to South Korea and Indonesia, Taiwan, China, India, and Egypt were all responsible for higher percentages of attack traffic as compared to the prior quarter. Elsewhere, attack traffic originating in Europe was down slightly to 28%, North and South America combined accounted for nearly 19%, and the remaining 4% came from Africa.

As in previous editions, the Q3, 2011 State of the Internet report also includes data and trends around broadband adoption, mobile connectivity, Internet adoption, and other related topics.


To explore additional metrics and view data from the current report on a (zoomable) map, check out the new data visualization tool at http://www.akamai.com/stateoftheinternet. The existing data visualization tool that allows you to graph and compare trends in key metrics over time has been updated as well.

We hope you enjoy this latest issue of the Akamai State of the Internet report. As always, we welcome any feedback and questions you might have.

David Belson
@dbelson, @akamai_soti