Akamai Diversity

The Akamai Blog

Q3 2014 State of the Internet Report: Security Highlights

This morning Akamai released its State of the Internet Report for the third quarter of 2014. Here are the security highlights:

Attack traffic
Akamai observed attack traffic from 201 unique countries/regions -- up significantly from 161 in the second quarter, and more in line with the 194 seen in the first quarter.

The highest concentration of attacks (50%) came from China, nearly three times more than the United States, which saw observed traffic grow by approximately 25% quarter-over-quarter.

China and the United States were the only two countries to originate more than 10% of observed global attack traffic.

Indonesia was the only country among the top 10 to see observed attack traffic decline, dropping from 15% of global attack traffic in the second quarter to 1.9% in the third.

The overall concentration of observed attack traffic decreased slightly in the third quarter, with the top 10 countries/regions originating 82% of observed attacks, down from 84% last quarter. Furthermore, 64% of attack traffic originated from the Asia Pacific region, down from 70% last quarter, while the lowest volume (1%) originated from Africa.

Attack vectors
Port 23 remained the most popular target of attacks observed to be originating in China, accounting for more than three times more volume than Port 80, the second-most attacked port within the country.

The volume of observed traffic targeting Ports 80 (HTTP/WWW), 443 (HTTPS/SSL) and 880 (HTTP Alternate) dropped significantly in the third quarter, with all three ports seeing a fraction of the attack volume seen in previous quarters.

DDoS traffic
Akamai customers reported 270 DDoS attacks for the second quarter in a row. Overall, this represents a 4.5% reduction in attacks since the beginning of 2014 and a 4% decrease in comparison to the third quarter of 2013.

In contrast to the second quarter's report, the number of attacks fell in both of the Americas, with 142 attacks, and in the Europe, Middle East and Africa (EMEA) region, with 44 attacks.

However, the number of attacks in the Asia Pacific (APAC) region rose by 25% from the previous quarter to 84.

The distribution of industries did not change in comparison to the previous quarter; commerce, enterprise, high tech, media and entertainment, and the public sector all saw the same number of attacks as the previous quarter, even though the actual targets of these attacks changed. Compared with the same quarter of 2013, enterprise attacks have fallen by more than a third from 127 to 80. At the same time, attacks against high tech companies have tripled from 14 to 42.

Akamai saw an increase in the number of repeated attacks against the same target in the third quarter, returning to the 25% chance of a subsequent attack targeting the same organization. This represents a drop in unique targets from 184 in the second quarter to 174 in the third.

You can download the full report here.