Russia remains the top country for attack traffic

Jul 28, 2010 07:20 GMT  ·  By
Russia and the United States are the leading attack traffic sources in first quarter of 2010
   Russia and the United States are the leading attack traffic sources in first quarter of 2010

According to Akamai, Russia and the United States were the leading sources of attack traffic during the first quarter of 2010. With four countries in the top ten, Europe is responsible for 44% of attacks recorded during the same period.

Akamai, one of the world's leading content distribution networks and cloud-services providers, maintains numerous sensors spread across its world-wide infrastructure, that are able to detect and record attacks. Using data gathered by these agents and other metrics, the company compiles statistics, which it reveals in its quarterly State of the Internet report.

A newly released figures for Q1 2010, place Russia as the top source of attacks, with 12% of the global attack traffic originating in the country. Russia is in the top spot for the third consecutive quarter according to Akamai, but registered a 1% decrease during Q1. Meanwhile, the United States, which came in second place with 10%, has lowered its score by 2% compared to Q4 2009.

Other notable changes is that India and Argentina dropped out of the top 10 countries responsible for attack traffic, being replaced by Japan and Poland. The current top 10 countries account for 61% of the total attacks in the world and are Russia (12%), United States (10%), China (9.1%), Taiwan (6.1%), Brazil (6.0%), Italy (4.4%), Germany (3.9%), Romania (3.2%), Japan (2.9%) and Poland (2.4%).

With four countries in the top 10, Europe is by far the primary source of attack traffic, being responsible for 44% of the total output. It is followed by Asia – Pacific, with 31%, North America, with 13% and South America, with 11%. Europe is also responsible for most attacks originating from mobile networks (50%), though Akamai doesn't think this traffic is caused by infected handsets, but rather computers using mobile broadband connections.

The most targeted port remains by far 445 (Microsoft Directory Services), which is primarily targeted by the Conficker worm. A whooping 74% of all attacks targeted this service, suggesting that there are still a huge number of unpatched computers out there. Attack traffic distribution for this port varies widely. For example it reaches 95% in Romania, but only around 50% in the United States.

The rest of the top ten targeted ports are 22 – SSH (6.3%), 139 – NetBIOS (3.2%), 23 – Telnet (2.5%), 135 – Microsoft-RPC (2.5%), 80 – WWW (1.7%), 4899 – Remote Administrator (1.5%), 1433 – Microsoft SQL Server (1.1%), 5900 – VNC Server (0.9%) and 1080 – SOCKS Proxy (0.5%).

You can follow the editor on Twitter @lconstantin