Akamai Diversity

The Akamai Blog

Indonesian Attack Traffic Tops List; Port 445 No Longer Main Target

This week Akamai released its State of the Internet report for the second quarter of 2013, and the security section includes some changes since the last go around.

Based on data gathered from the Akamai Intelligent Platform, the report provides insight into key global statistics such as network connectivity and connection speeds, attack traffic, and broadband adoption and availability. One of the things we track is the origin of attack traffic around the world, and that will be the focus of this post.

What's new this time is that Indonesia replaced China as the top producer of attack traffic. Indonesia nearly doubled its first-quarter traffic from 21 to 38 percent, while China moved to second at 33 percent -- down one percentage point from last time. The United States remained in third even after dropping to 6.9 percent in the second quarter from 8.3 percent in the first quarter.

The top 10 countries and regions generated 89 percent of observed attacks, up from 82 percent in the previous quarter. Like the first quarter, Indonesia and China again originated more than half of the total observed attack traffic.

Thumbnail image for Thumbnail image for akamai-americas-attack-sources-v1-620x231.jpg

The choice of ports used to launch attacks shifted this time around. For the first time since the inaugural State of the Internet Report (first quarter of 2008), Port 445 (Microsoft-DS) was not the most targeted port for attacks, dropping to third place at 15 percent, behind Port 443 (SSL [HTTPS], 17 percent) and Port 80 (WWW [HTTP], 24 percent).

The vast majority (90 percent) of attacks targeting Ports 80 and 443 originated from Indonesia, up from 80 percent last quarter. Indonesia was observed to originate the majority of attacks targeting Ports 80 and 443, up to 90 percent from last quarter's 80 percent.

Thumbnail image for Thumbnail image for Thumbnail image for ports.jpg

My next State of the Internet post will focus on the DDoS trends captured in the latest report, as well as the attacks we've been tracking from the Syrian Electronic Army.

Additional reading: