What Security Pros Need To Know About the State of the Internet
Akamai has released its latest State of the Internet Report, this issue covering the first quarter of 2014. While the report touches on everything from connection speeds to
connectivity to 4K readiness to IPv6 to
patterns across leading Web properties, the most interesting part of the report in today's Internet world may be the
Indeed, Akamai tapped into its distributed set of unadvertised agents it has deployed across the Internet to surface some data that IT security admins need to know. These agents log connection attempts the company classifies as "attack traffic." Using this data, Akamai zeroes in on the top countries -- and top ports -- generating this attack traffic.
Attack traffic originated from 194 unique countries and regions in the first quarter of 2014. That's six more than the fourth quarter of 2013. Not surprising is the fact that China remains responsible for originating the most attacks, even though it dropped slightly from 43 percent in the fourth quarter of 2013 to 41 percent in the first quarter of 2014.
What Port Is Most Attacked?
The U.S. is hardly blameless, coming in second to China. However, attack traffic from the U.S. also saw a decline from 19 percent to 11 percent, while Indonesia saw a slight rise, from 5.7 percent to 6.8 percent, to take the third-place position. Overall, the concentration of attacks dipped significantly as compared with the fourth quarter of 2013.
In terms of ports, Port 445, which is also known as the -DS port, is still the most targeted port in the first quarter of 2014. The good news is associated attack traffic volume was down to 14 percent of observed attack traffic. That figure was 30 percent in the third quarter of 2013.
Meanwhile, Port 5000, also referred to as the Universal Plug & Play/UPnP port, witnessed a notable increase during the first quarter -- from less than 0.1 percent in the fourth quarter of 2013 to 12 percent in the first quarter. That's an increase of more than 100 times. Port 23, or the Telnet port, ranked third with 8.7 percent of attack traffic, Akamai observed.
Enterprise Attacks Down
Distributed Denial of Service (DDoS) attack traffic is another storyline in the Akamai report. The good news is the number of DDoS attacks reported in the first quarter declined to 283, from 346 in the last quarter of 2013. That is a 20 percent decrease quarter-over-quarter and a 27 percent increase year-over-year. In fact, most regions of the world saw a dip in the number of DDoS attacks in the first quarter.
Specifically, the Americas account for approximately 49 percent of all attacks. That's followed by the Asia-Pacific region, with 31 percent of attacks, and Europe, Middle East and Africa (EMEA), receiving the remaining 20 percent of DDoS.
Especially noteworthy is the fact that the enterprise sector saw a 49 percent quarter-over-quarter reduction in attack traffic, while public sector attack traffic grew by 34 percent, primarily attributable to attacks against government targets within Singapore.