The new cyber-attack capital of the world is Indonesia, which has pushed China out of the top spot this quarter, nearly doubling its first-quarter traffic from 21 percent to 38 percent. China moved to second at 33 percent, down from 34 percent. The United States remained in third place even after dropping to 6.9 percent in the second quarter from 8.3 percent in the first quarter, according to a report from Akamai Technologies.
Akamai is offering insights into cyber attacks with a special focus on the hactivist group that calls itself Syrian Electronic Army (SEA). Akamai is also offering stats on traffic activity due to Internet disruptions in Sudan and Syria, in its Second Quarter 2013, State of the Internet report.
Akamai is well positioned to offer the insights, given it maintains a distributed set of unadvertised agents deployed across the Internet that log connection attempts the company classifies as attack traffic. Based on the data collected by these agents, Akamai can identify the top countries from which attack traffic originates and the top ports these attacks targeted.
The top 10 countries or regions generated 89 percent of observed attacks, up from 82 percent in the previous quarter. Like the first quarter, Indonesia and China again originated more than half of the total observed attack traffic. In the second quarter, Akamai observed attack traffic originating from 175 unique countries and regions, two fewer than it observed in the first quarter of 2013.
Port 80 Most Attacked
For the first time since the inaugural State of the Internet Report in 2008, Port 445 (Microsoft-DS) was not the most targeted port for attacks, dropping to third place at 15 percent, behind Port 443 (SSL [HTTPS]) at 17 percent) and Port 80 (WWW [HTTP]) at 24 percent. Ninety percent of attacks targeting Ports 80 and 443 originated from Indonesia, up from 80 percent last quarter. The majority of attacks targeting Ports 80 and 443 originated from Indonesia, up to 90 percent from last quarter's 80 percent.
"The most interesting part in this report is the attack traffic pie chart," Tommy Chin, technical support engineer, CORE Security, told us. "According to this information, Web servers running on port 80 and 443 are the most targeted service. This should be generally accurate going forward since the Web is basically the most used service on the Internet. However, the delta in percentage from Q1 to Q2 is a 10% increase which indicates that the attack traffic trend targeting Web servers will increase the most over time for Web technologies." (continued...)