Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Attacks/Breaches

4/23/2013
12:12 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Akamai Releases Fourth Quarter 2012 'State Of The Internet' Report

Reported DDoS attacks grow more than 200 percent year over year

CAMBRIDGE, Mass., April 23, 2013 /PRNewswire/

-- Nearly 700 million unique IP addresses connected to Akamai Intelligent

Platform

-- Reported DDoS attacks grow more than 200% year over year

-- Global average peak connection speed jumps 35% year over year Akamai Technologies, Inc. (NASDAQ: AKAM), the leading cloud platform for helping enterprises provide secure, high-performing user experiences on any device, anywhere, today released its Fourth Quarter, 2012 State of the Internet Report.

Based on data gathered from the Akamai Intelligent Platform(TM), the report provides insight into key global statistics including connection speeds, attack traffic, and network connectivity and availability, among many others.

(Logo: http://photos.prnewswire.com/prnh/20100225/AKAMAILOGO)

The Fourth Quarter, 2012 State of the Internet Report includes new observations on Distributed Denial of Service (DDoS) attacks, analysis of Phase II of the Operation Ababil attacks, and examinations of Internet disruptions in Syria, Bangladesh, and Senegal. The report also reviews mobile browser usage by network connection type collected by Akamai IO.

Highlights from Akamai's Fourth Quarter, 2012 Report:

Global Internet Penetration

Nearly 700 million unique IPv4 addresses from 240 countries/regions connected to the Akamai Intelligent Platform - 4.2 percent more than in the third quarter of

2012 and 13% more than in the fourth quarter of 2011. Since a single IP address can represent multiple individuals in some cases - such as when users access the Web through a firewall or proxy server - Akamai estimates the total number of unique Web users connecting to its platform during the quarter to be well over one billion.

Quarterly growth among all of the top 10 countries ranged from 1.1 percent in Japan to 5.1 percent in Russia. Among the full set of countries/regions worldwide that connected to the Akamai Intelligent Platform, 75% saw a quarterly increase in unique IP address counts.

Year-over-year, the global unique IP address count increased by nearly 10%, or more than 71 million, compared to the fourth quarter of 2011. Among the top 10 countries, yearly growth ranged from less than 1% in South Korea and Japan (0.2 percent and 0.8 percent, respectively) to double-digit growth rates in Russia (13 percent), China (19 percent), Italy (21 percent) and Brazil (33 percent). Globally, 79% of countries/regions had higher unique IP address counts year-over-year.

Attack Traffic and Top Ports Attacked

Akamai maintains a distributed set of unadvertised agents deployed across the Internet that log connection attempts, which the company classifies as attack traffic. Based on data collected by these agents, Akamai is able to identify the top countries from which attack traffic originates, as well as the top ports targeted by these attacks. It is important to note, however, that the originating country as identified by the source IP address may not represent the nation in which an attacker resides. For example, an individual in the United States may be launching attacks from compromised systems in China.

Akamai observed attack traffic from 177 unique countries/regions during the fourth quarter of 2012, down from 180 in the third quarter. China again maintained its position as the single largest volume source of observed traffic at 41% of the total, up from 33% in the prior quarter. The United States remained in the number two spot despite a drop in observed attack traffic from 13% to 10% in the fourth quarter. Turkey took over Russia's number three spot with 4.7 percent.

The top 10 countries/regions generated 75% of the observed attack traffic during the quarter. China and the United States were responsible for slightly more than 50% of total attack traffic.

Port 445 (Microsoft-DS) remained the most targeted port in the fourth quarter, receiving 29% of attack traffic. Port 23 (Telnet) was again second at 7.2 percent.

Observations on DDoS Attacks

For the first time, the report includes insight into DDoS attacks reported by Akamai customers. Data from this quarter's report will serve as a baseline for future comparisons. Akamai customers reported 768 DDoS attacks in 2012, up more than 200% from 2011. Of those, 35% targeted companies in the Commerce sector and 22% focused on Media and Entertainment companies.

Enterprise companies, which include financial services, were subject to 20% of reported attacks; 14% targeted High Tech and nine percent of reported attacks were directed toward Public Sector agencies. The 768 attacks were reported by 413 unique organizations, indicating that many organizations were targeted more than once - some significantly more.

Operation Ababil, Phase II

As highlighted in the report for the third quarter of 2012, Akamai was involved in protecting some of the organizations targeted by the "Operation Ababil"

series of DDoS attacks. Those attacks continued through October before pausing until December 25, at which point they carried on into January of 2013.

As in the first phase, attackers continued to leverage the BroBot botnet to launch their attacks, and have varied the attacks in an attempt to evade filtering, primarily through the altering of query strings, user-agents, and targeted URLs. BroBot nodes have been observed sending traffic bursts at a rate of up to 10,000 requests per minute per node, and as many as 18 million attack requests per second.

Global Average and Peak Connection Speeds Quarter-over-quarter, the global average connection speed rose 5% to 2.9 Mbps. Further, a total of 98 countries/regions that qualified for inclusion saw average connection speeds increase from the third quarter of 2012, ranging from

0.1 percent growth in the Netherlands and Luxembourg to 23% growth in Cote d'Ivoire.

Year-over-year, average connection speeds grew by 25%, with nine of the top 10 countries also demonstrating growth. In fact, only the Netherlands (3.3 percent), Hong Kong (5.4 percent) and Japan (19 percent) reported growth below

20 percent between 2011 and 2012.

Global average peak connection speeds enjoyed a quarter-over-quarter increase of

4.6 percent to 16.6 Mbps. Hong Kong again claimed the highest peak connection speed at 57.5 Mbps, a rise of 6.2 percent from last quarter.

Year-over-year, global average peak connection speeds once again demonstrated significant improvement, rising 35%.

Global broadband (>4 Mbps) and high broadband (>10 Mbps) adoption improved by

2.7 and 2.1 percent respectively for the quarter. Global broadband adoption rates rose slightly to 42%, while high broadband remained at 11%.

"Looking back across the year, we observed strong growth in our key connectivity metrics around the world. We believe that this points to greater availability of broadband connectivity, as well as increased speeds on those connections. This is supported as well by the long-term trends observed over the five-year history of the State of the Internet Report," explained David Belson, the report's editor. "The combination of improved broadband availability and higher speeds should open the door for greater innovation in how the Internet is used by both businesses and individuals around the globe."

Mobile Connectivity

The fourth quarter of 2012 saw average connection speeds on surveyed mobile network operators range from a high of just over 8.0 Mbps to a low of 345 kbps.

Eight providers demonstrated average connection speeds in the "broadband" (>4

Mbps) range. Sixty-four more providers delivered average connection speeds greater than 1 Mbps. Data collected by Ericsson shows that mobile data traffic doubled from the fourth quarter of 2011 to the fourth quarter of 2012, and grew

28 percent between the third and fourth quarter of 2012.

Mobile devices using Android Webkit accounted for the largest percentage of requests (35.3 percent) from devices on cellular networks connecting to the Akamai Intelligent Platform. Devices using Apple Mobile Safari represented 32.6 percent. When analyzed across all network types, the ratios were markedly different, with Apple Mobile Safari accounting for 58.7 percent of requests, and Android Webkit responsible for 21.7 percent.

About the Akamai State of the Internet report Each quarter, Akamai publishes a "State of the Internet" report. This report includes data gathered from across the Akamai Intelligent Platform about attack traffic, broadband adoption, mobile connectivity and other relevant topics concerning the Internet and its usage, as well as trends seen in this data over time. To learn more and to access the archive of past reports, please visit www.akamai.com/stateoftheinternet. To download the figures from the Fourth Quarter, 2012 State of the Internet report, please visit http://wwwns.akamai.com/soti/soti_q412_figures.zip.

About Akamai

Akamai® is the leading cloud platform for helping enterprises provide secure, high-performing user experiences on any device, anywhere. At the core of the Company's solutions is the Akamai Intelligent Platform(TM) providing extensive reach, coupled with unmatched reliability, security, visibility and expertise.

Akamai removes the complexities of connecting the increasingly mobile world, supporting 24/7 consumer demand, and enabling enterprises to securely leverage the cloud. To learn more about how Akamai is accelerating the pace of innovation in a hyperconnected world, please visit www.akamai.com or blogs.akamai.com, and follow @Akamai on Twitter.

 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 8/10/2020
Researcher Finds New Office Macro Attacks for MacOS
Curtis Franklin Jr., Senior Editor at Dark Reading,  8/7/2020
Hacking It as a CISO: Advice for Security Leadership
Kelly Sheridan, Staff Editor, Dark Reading,  8/10/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Special Report: Computing's New Normal, a Dark Reading Perspective
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
The Changing Face of Threat Intelligence
The Changing Face of Threat Intelligence
This special report takes a look at how enterprises are using threat intelligence, as well as emerging best practices for integrating threat intel into security operations and incident response. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-15596
PUBLISHED: 2020-08-12
The ALPS ALPINE touchpad driver before 8.2206.1717.634, as used on various Dell, HP, and Lenovo laptops, allows attackers to conduct Path Disclosure attacks via a "fake" DLL file.
CVE-2020-15868
PUBLISHED: 2020-08-12
Sonatype Nexus Repository Manager OSS/Pro before 3.26.0 has Incorrect Access Control.
CVE-2020-17362
PUBLISHED: 2020-08-12
search.php in the Nova Lite theme before 1.3.9 for WordPress allows Reflected XSS.
CVE-2020-17449
PUBLISHED: 2020-08-12
PHP-Fusion 9.03 allows XSS via the error_log file.
CVE-2020-17450
PUBLISHED: 2020-08-12
PHP-Fusion 9.03 allows XSS on the preview page.