Internet Attacks via Indonesia Drop Off After Big Spike

1/28/14Follow @curtwoodward

A few months ago, Internet traffic routing company Akamai noticed something interesting: a significant rise in the amount of attack traffic coming from Indonesia, making that country the world’s top launching pad for malicious hackers.

It didn’t last.

Attacks originating from Indonesian IP addresses have dropped back into their previous No. 2 spot in Akamai’s (NASDAQ: AKAM) latest State of the Internet report, which covers Internet traffic observations for the third quarter of 2013.

China is once again the top source of IP addresses used in Internet attacks, accounting for 35 percent of the malicious traffic in the quarter. Indonesia’s 20 percent share still easily outpaces the U.S., which comes in third at 11 percent.

Those rankings don’t necessarily mean the malicious hackers are all based in those countries. Since Cambridge, MA-based Akamai’s traffic monitors only detect the IP address used to start the attack, it’s entirely possible that a malicious hacker could be hijacking an address from somewhere else on the planet.

So why did Indonesian attacks suddenly spike? Akamai doesn’t offer any insight there. But it’s notable that the majority of attacks coming from Indonesian addresses target network ports associated with Web traffic, rather than a more common target: a port associated with Microsoft’s Windows operating system.

Akamai also collected reports from customers on distributed denial of service (DDoS) attacks, in which malicious hackers flood websites with traffic in order to disrupt their performance. The 281 DDoS reported attacks represented a slight drop from the previous quarter, which saw 318 such attacks.

Akamai said one reason for the lower number of attacks could be the “relative silence” of a group called the Izz ad-Dim al-Qassam Cyber Fighters, which was a major source of DDoS traffic in earlier months.

Most of the DDoS attacks seen in the third quarter were aimed at targets in North America, with Asia second and Europe third. North American targets did shrink a bit compared to the previous quarter, while European targets increased by 22 percent.

Akamai also asked its customers how often they had been targeted for DDoS attacks, and found that one-fourth of its customers were attacked more than once in the quarter.

And then there was this nightmare tale: “One customer reported a total of 51 unique attacks in the third quarter of 2013 alone, meaning that on average, at least every other day during the quarter, this customer was the target of a DDoS attack.”

That’s a pretty good illustration of why Akamai shelled out $370 million last month for a company called Prolexic, which makes anti-DDoS software for data centers and Web applications.

Curt Woodward is a senior editor for Xconomy based in Boston. Email: cwoodward@xconomy.com Follow @curtwoodward

By posting a comment, you agree to our terms and conditions.