Internet attacks from China and US increased in first quarter of 2012, report says
Most attacks are aimed at Port 445, which is favored by the Conficker worm, according to Akamai
IDG News Service - China and the U.S. were the two largest sources of Internet-attack traffic in the first quarter of 2012, increasing to account for 16% and 11% respectively, according to Akamai Technologies.
Attack traffic from China increased three percentage points compared to the last quarter of 2011 and attacks from the U.S. increased one percentage point in the same period, Akamai said in its First Quarter, 2012 State of the Internet report. Russia ranks third in the top ten and generated 7% of all attack traffic, a slight increase compared to last year's results.
Over the past four years the U.S. has been responsible for as little as 6.9% of attack traffic and as much as 22.9%, Akamai said. The highest concentration of attack traffic generated form China was observed in the third quarter of 2008 when the country was responsible for 26.9% of attack traffic, it added.
Akamai operates a global server network and maintains a distributed set of agents across the Internet that monitor traffic. Its quarterly report offers statistics not only on attack traffic but also on connection speeds.
On a regional basis, the Asia Pacific and Oceania regions combined were responsible for most attack traffic (42%) in the first quarter of this year, Akamai said in a news release. Approximately 35% of all attack traffic originated in Europe, 21% in the Americas and under 1.5% in Africa.
Attacks from Indonesia decreased drastically. After spending the prior two quarters in the top three, Indonesia fell to the twentieth place this quarter and was responsible for just one percent of observed traffic, according to the report. This decrease indicates that the threats from the country have shifted elsewhere or have been largely mitigated, Akamai added.
"As for attack traffic, we really don't have visibility into why one country or another may be the source of a greater percentage of traffic from one quarter to the next," said Akamai spokesman Rob Morton in an email, who added that in theory in any given period, one region may just be more active than others.
"We're also looking at percentages, so there's some fluidity there as well. For example, a couple of quarters ago Myanmar took one of the top spots on the list, now they've dropped off, that percentage of traffic needs to go somewhere," he said.
Attacks on the top ten ports increased significantly and attacks targeting these ports were responsible for 77% of attacks, up 15% compared to the last quarterly results. The growth of these attacks can probably be attributed to an increase in attacks targeting Port 445, which is associated with the Conficker worm, Akamai said. More than 42% of observed attack traffic was aimed at that port, an increase of 27 percentage points compared to the fourth quarter of 2011.
Conficker caused quite an uproar in 2009, and despite efforts by Microsoft and the Conficker Working Group, it appears that the worm botnet is still actively infecting user systems, Akamai said.
Other popular attack ports were Port 23, which is used by the Telnet network protocol, Port 1433 (used for Microsoft SQL Server) and Port 80 (used for HTTP traffic), according to the report. Attacks aiming for Port 80 indicate that attackers are searching for vulnerable Web applications that could be exploited to gain control over a system or install malware, Akamai said. Attacks at Port 23 likely indicate attempts to exploit common and default passwords allowing attackers to take over a system, it added.
Many of Akamai's customers also experienced denial-of-service (DoS) attacks during the first half of 2012, which signals a continuing and growing trend, according to the report. Attackers are increasingly using DoS tools that require lower traffic volumes such as Slowloris, a tool that holds connections open by sending partial HTTP requests, which causes a Web server to be tied up.
Online retailers and government sites were both targeted by approximately 20% of all DoS attacks reported by customers to Akamai. DoS attacks aimed at retailers usually involve some kind of extortion demand, while the public sector has been targeted by protesters. This last trend is unlikely to change in the near future, Akamai said, adding that once a site has become a target, it is almost a given that attackers will return again in the future.
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- IDC Report: The Future of eMail is Social This paper discusses the changing nature of collaboration and work fueled by the social Web by examining current email trends and the emergence...
- The Business of Social Business Social business represents a significant transformational opportunity for organizations. Read this whitepaper to learn more.
- Six Ways Your Small Business Can Save with Internet Phone Service Traditional phone systems present two main problems for businesses: limited features and high costs. As a result, small businesses are migrating to Internet...
- HP HAVEn: See the big picture in Big Data HP HAVEn is the industry's first comprehensive, scalable, open, and secure platform for Big Data. Enterprises are drowning in a sea of data...
- Supercharge Your Web and Mobile App Development with High-Productivity Hybrid Cloud Webinar: Hear from industry experts about the amazing power at the intersection of next-generation web and mobile application development and cloud platforms.
- Meg Whitman presents Unlocking IT with Big Data During this Web Event you will hear Meg Whitman, President and CEO, HP discuss HAVEn - the #1 Big Data platform, as well... All Internet White Papers | Webcasts