14 DAY TRIAL // A 2009 Q4 report from Akamai paints a gloomy picture for Internet users in the realm of security. While the number of countries attacks originated from went down, other statistics weren't that positive.
In Q3, Akamai recorded more than 207 countries attacks originated from. In Q4, that number went down, but only to 198. Atop the list is still Russia with 13% from the total recorded attacks.
Completing the list is the United States with 12%, China with 7.5%, Brazil with 6.4%, Taiwan with 5.5%, Italy with 4.5%, Germany with 4.4%, India with 3.3%, Argentina with 3.1% and Romania with 3%. The top 10 countries remained the same, only their position being shifted around.
As in previous reports from Akamai, port 445 (Microsoft-DS) was by far the most targeted port of attacks with no more than 74%, going down from 78% recorded in Q3.
The top 10 list of attacked ports is completed with port 22 (SSH) with 5.2% of attacks, port 139 (NetBIOS) and port 135 (Microsoft-RPC) with 2.8%, port 23 (Telnet) with 2.5%, port 80 (WWW HTTP) with 1.5%, port 4899 (Remote Administrator) with 1.1%, port 1433 (Microsoft SQL Server) with 0.9%, port 5900 (VNC Server) with 0.8% and port 25 (SMTP) with 0.5%. The other ports accounted only for 8.3% of all attacks.
The total number of unique ports targeted in attacks rose from 3,800 in Q3 to about 10,000 unique ports in Q4. If a threshold of 100 minimum attacks per port is implemented, the percent of attacks on port 445 raises from 74% to 78%.
With the same threshold applied, we can see that only 32 ports can be indexed in the statistics, meaning that most of the 10,000 unique ports recorded by Akamai were simple port scans, searching for back door entries.
The report also points to the United States as the main country from which port scans and attacks mainly occurred, with the most attack connections attempted to unique ports: 4,100. India was second in that period with 600 attack connections.
The report from Akamai can be downloaded here.