China is Top Source of Internet Attacks

After being briefly dethroned, China and port 445 are back at the top of Akamai’s scoundrel’s list.

Balance has returned to the dark side of the Internet, according to Akamai’s most recent State of the Internet report.

Not only has China reclaimed the lead as the country from which the largest number of online attacks originated (with 35 percent of all attacks observed worldwide), port 445 (Microsoft-DS) has returned to its traditional spot as the most frequent target for those attacks.

In its report on Internet traffic during the second quarter of 2013, Akamai revealed that the number of Internet attacks originating from Indonesia had more than doubled, from 21 percent to 38 percent of the global total, while China faded from 34 percent to 33 percent. But in the third-quarter Akamai State of the Internet report, published Jan. 28, attacks from China returned to 35 percent of the total, while Indonesia dropped to 20 percent – much closer to its typical volume.

The United States retained its bronze-medal spot on the list of countries from which most Internet attacks originated, despite increasing its overall total from 6.9 percent during the second quarter to 11 percent during the third.

Microsoft-DS port 445, which has been the leading point of attack on Internet-connected servers since Akamai started gathering detailed performance data in 2008, was briefly dethroned during the second quarter by a wave of attacks using rival ports 80 (HTTP) and 443 (SSL).

Introduced with Windows 2000 as an alternative to ports 137-139 for file-sharing using Microsoft’s Server Message Block (SMB) data-transfer protocol, port 445 is a favorite among hackers because it was actually designed to allow remote-access transfer and installation of files. Port 445 is easily secured, however; even consumer-networking devices containing Network Address Translation (NAT) functions to conceal the specific IP addresses of home computers are able to shield port 445. It remains unsecured frequently enough, though, to draw 23 percent of all attempted exploits.

Oddly, the number of Distributed Denial of Service (DDoS) attacks declined during the quarter for the first time since 2012, when Akamai began tracking DDoS attacks. There were 281 observed attacks during the third calendar quarter of 2013 compared to 318 during the second quarter.

Large companies continue to be the most frequent targets of DDoS attacks, with 127, compared to 80 attacks on e-commerce sites, 42 on media or entertainment sites and 14 on high tech companies.

Image: Akamai