Cyber attacks are on the rise, but where are they originating from? If you guessed China, you're close, but most of the attack traffic during the quarter actually originated in Indonesia, according to a new report from Akamai.

In the second quarter, Akamai found that attacks originated in 175 countries, with Indonesia accounting for 38 percent of those attacks - up from 21 percent in the first quarter. China came in at No. 2 with 33 percent, down 1 percent this quarter. The U.S. stayed at No. 3, but dropped from 8.3 percent to 6.9 percent.

As a result, the Asia Pacific region made up 79 percent of observed attacks, Akamai found in its quarterly state of the Internet report. That's up from 68 percent in the last quarter and 56 percent in the fourth quarter of 2012. Europe had just over 10 percent, while North and South America had just over 10 percent combined, and Africa had only three-tenths of a percent.

Approximately 89 percent of cyber attacks came from the top 10 countries, with Indonesia and China responsible for more than half.

For the first time since Q1 2008, Microsoft Directory Services (or Port 445) was not the most targeted port. Instead, Port 443 (for secure Web browser communication) and Port 80 (the WWW system) took the No. 1 and 2 spots, respectively.

"The vast majority (90 percent) of attacks targeting Ports 80 and 443 originated from Indonesia, up from 80 percent last quarter," Akamai found.

Akamai noted an increase in the number of distributed denial of service (DDoS) attacks, up 54 percent quarter over quarter to 318 attacks in Q2. Most of those attacks - or 134 - targeted the enterprise sector, with a focus on financial institutions, as well as pharmaceutical and healthcare businesses. Commerce firms dealt with 91 attacks, while media and entertainment companies were hit with 53.

The report also addressed the Syrian Electronic Army (SEA), which targeted a number of media outlets that it believed was sympathetic to Syrian rebels.

"It does not appear that the SEA is directly supported by the Syrian regime, unlike APT1 in China," Akamai concluded. "[But] the Syrian government is aware of the SEA and approves of their actions." Akamai promised more details on SEA in its next report as some high-profile attacks occurred in the third quarter.

Connectivity and Web Speeds

Akamai's report also examined global Internet connectivity and speeds, and found that Q2 "marked the first time that half of all connections to Akamai from around the world took place at speeds of at least 4 Mbps."

Global average peak connection speeds were up 0.1 percent to 18.9 Mbps, with Hong Kong registering the speediest Internet at 65.1 Mbps. South Korea wasn't too far behind at 53.3 Mbps, while Japan landed at 48 Mbps. At an average 8.7 Mbps, the U.S. did not make the top 10.

Akamai saw 752 million unique IPv4 addresses from 242 countries connect to its platform in the second quarter, up 2 percent quarter over quarter and 13 percent from last year.

"Since a single IP address can represent multiple individuals in some cases - such as when users access the Web through a firewall or proxy server - Akamai estimates the total number of unique Web users connecting to its platform during the quarter to be well over one billion," the company said.

Global broadband adoption grew 14 percent during the quarter, with the U.S. landing at No. 10 among the countries with high (10+ Mbps) broadband connectivity. Still, the U.S. was the only country on the list that did not see at least one of every four connections topping 10 Mbps, landing at 24 percent.

The full report is available for download on Akamai's website.

Further Reading

Security Reviews