Internet attacks from China and US increased in first quarter of 2012, report says
Most attacks are aimed at Port 445, which is favored by the Conficker worm, according to Akamai
IDG News Service - China and the U.S. were the two largest sources of Internet-attack traffic in the first quarter of 2012, increasing to account for 16% and 11% respectively, according to Akamai Technologies.
Attack traffic from China increased three percentage points compared to the last quarter of 2011 and attacks from the U.S. increased one percentage point in the same period, Akamai said in its First Quarter, 2012 State of the Internet report. Russia ranks third in the top ten and generated 7% of all attack traffic, a slight increase compared to last year's results.
Over the past four years the U.S. has been responsible for as little as 6.9% of attack traffic and as much as 22.9%, Akamai said. The highest concentration of attack traffic generated form China was observed in the third quarter of 2008 when the country was responsible for 26.9% of attack traffic, it added.
Akamai operates a global server network and maintains a distributed set of agents across the Internet that monitor traffic. Its quarterly report offers statistics not only on attack traffic but also on connection speeds.
On a regional basis, the Asia Pacific and Oceania regions combined were responsible for most attack traffic (42%) in the first quarter of this year, Akamai said in a news release. Approximately 35% of all attack traffic originated in Europe, 21% in the Americas and under 1.5% in Africa.
Attacks from Indonesia decreased drastically. After spending the prior two quarters in the top three, Indonesia fell to the twentieth place this quarter and was responsible for just one percent of observed traffic, according to the report. This decrease indicates that the threats from the country have shifted elsewhere or have been largely mitigated, Akamai added.
"As for attack traffic, we really don't have visibility into why one country or another may be the source of a greater percentage of traffic from one quarter to the next," said Akamai spokesman Rob Morton in an email, who added that in theory in any given period, one region may just be more active than others.
"We're also looking at percentages, so there's some fluidity there as well. For example, a couple of quarters ago Myanmar took one of the top spots on the list, now they've dropped off, that percentage of traffic needs to go somewhere," he said.
Attacks on the top ten ports increased significantly and attacks targeting these ports were responsible for 77% of attacks, up 15% compared to the last quarterly results. The growth of these attacks can probably be attributed to an increase in attacks targeting Port 445, which is associated with the Conficker worm, Akamai said. More than 42% of observed attack traffic was aimed at that port, an increase of 27 percentage points compared to the fourth quarter of 2011.
Conficker caused quite an uproar in 2009, and despite efforts by Microsoft and the Conficker Working Group, it appears that the worm botnet is still actively infecting user systems, Akamai said.
Other popular attack ports were Port 23, which is used by the Telnet network protocol, Port 1433 (used for Microsoft SQL Server) and Port 80 (used for HTTP traffic), according to the report. Attacks aiming for Port 80 indicate that attackers are searching for vulnerable Web applications that could be exploited to gain control over a system or install malware, Akamai said. Attacks at Port 23 likely indicate attempts to exploit common and default passwords allowing attackers to take over a system, it added.
Many of Akamai's customers also experienced denial-of-service (DoS) attacks during the first half of 2012, which signals a continuing and growing trend, according to the report. Attackers are increasingly using DoS tools that require lower traffic volumes such as Slowloris, a tool that holds connections open by sending partial HTTP requests, which causes a Web server to be tied up.
Online retailers and government sites were both targeted by approximately 20% of all DoS attacks reported by customers to Akamai. DoS attacks aimed at retailers usually involve some kind of extortion demand, while the public sector has been targeted by protesters. This last trend is unlikely to change in the near future, Akamai said, adding that once a site has become a target, it is almost a given that attackers will return again in the future.
- Social Media Education: The New Edge for Success Failure to train for social media will cost your business money. A recent report showed how digitally prepared companies can unlock up to...
- Social Media in Technology: A Unified Strategy for Success Find out how social media is sparking a new era of customer and industry-understanding in technology enterprises and how industry leaders are overcoming...
- How Network Connections Drive Web Application Performance Users around the globe, on all sorts of devices, expect Web applications to function as seamlessly as desktop applications. This paper discusses the...
- 5 Customers Deliver Virtual Desktops and Apps to Empower a Modern Workforce Learn how Citrix solutions helped 5 companies realize the full value of desktop virtualization through a project-by-project approach based on key business priorities.
- What Does it Take to Deliver a Superior Customer Experience? The Two Top-Rated Online Retailers, B&H Photo and Crutchfield Electronics, Share Their Secrets Discuss practical CX tools and service methods such as contact center agents and the use of realtime speech analytics to help contact center...
- Keep Servers Up and Running and Attackers in the Dark An SSL/TLS handshake requires at least 10 times more processing power on a server than on the client. SSL renegotiation attacks can readily... All Internet White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!