State of the Internet: Fewer Attacks Than Previous Quarter

Key details on the sources of attack traffic and targeted ports:

• Akamai observed attack traffic originating from 194 unique countries/regions -- six more than the fourth quarter of 2013. 
• China was again responsible for originating the most attacks, but dropped slightly from 43% in the fourth quarter of 2013 to 41% in the first quarter of 2014.
• The United States followed in second place, but also saw a decline from 19% to 11%.
• Indonesia saw a slight uptick from 5.7% to 6.8% to secure third place. 

Overall, the concentration of attacks decreased significantly, compared to the fourth quarter of 2013, with the top 10 countries/regions originating 75% of observed attacks, down from 88% in the prior quarter.

• Port 445 (Microsoft-DS) remained the most targeted port in the first quarter of 2014, but the associated attack traffic volume was down to 14% of observed attack traffic (from 30% in the third quarter of 2013). 
• Port 5000 (Universal Plug & Play/UPnP) saw a significant increase during the quarter -- from less than a tenth of a percent in the fourth quarter of 2013 to 12% this quarter -- an increase of more than 100 times. 
• Port 23 (Telnet) ranked third with 8.7% of observed attack traffic.

• Most regions of the world saw a decline in reported DDoS attacks during the first quarter of 2014. 
• The Americas continued to account for approximately 49% (139) of all attacks, followed by the Asia Pacific region with 31% (87) of attacks and Europe, Middle East and Africa (EMEA) receiving the remaining 20% (57) of DDoS traffic. 
• The enterprise sector saw a 49% quarter-over-quarter reduction in attack traffic, while public sector attack traffic grew by 34%, primarily attributable to attacks against government targets within Singapore.