Taiwan takes top spot from Myanmar as malicious internet traffic source

Taiwan takes the top spot on Akamai’s list of sources of malicious internet traffic in the second quarter of 2011
Taiwan takes the top spot on Akamai’s list of sources of malicious internet traffic in the second quarter of 2011

Taiwan jumped to first, displacing Myanmar, which held the top spot in the first quarter of this year. That was the first time Myanmar had appeared on the Akamai top 10 list of malicious internet traffic originators.

Akamai measures malicious internet traffic based on what it terms “attack traffic.” The company maintains a distributed set of agents deployed across the internet that monitor attack traffic. Based on the data collected by these agents, Akamai identifies the top countries from which attack traffic originates, as well as the top ports targeted by these attacks.

Rounding out the top 10 attack traffic sources were China, Russia, Indonesia, Brazil, India, Egypt, and Romania, according to the Akamai’s 'State of the Internet Report for the second quarter of 2011'. Egypt returned to the top 10 list for attack traffic after last appearing in the fourth quarter of 2010.

“We unfortunately do not have insight into whether these attacks are directly sourced within these countries or if there is something within the country that is being used as a proxy”, David Belson, author of the Akamai report, told Infosecurity.

The top 10 ports targeted by attack traffic accounted for 64% of observed attack traffic. While not the top targeted port, Port 80 (WWW) remained a very popular target, especially among the attack traffic originating from Myanmar, according to the report.

“The top ports remain consistent. They may shift in ranking from quarter to quarter. We are still seeing a lot of attack traffic targeting Port 445, which was the one previously associated with Conficker”, Belson said.

Reviewing data collected over the past several years on client-side SSL ciphers, Akamai said that SSL appears to be getting safer and more secure over time – the trend is toward stronger ciphers, driven by the adoption of more modern web browsers and encryption techniques.

Akamai explained that an SSL cipher is an encryption algorithm that, in combination with an exchanged key, is used to create a private encrypted connection between two networked computers, which blocks outsiders from accessing communications taking place over the connection.

“One of the things we started looking at this quarter is the data we have internally around SSL and client-side ciphers….What we are seeing is a trend toward stronger SSL ciphers”, Belson said.

“There has been a lot of press lately on SSL. Is SSL really secure? But this has to do with certificate authorities [CAs] and problems around compromised CAs and bogus certificates being generated. From that perspective, there are still a lot of challenges for SSL. But from an encryption perspective, things appear to be getting better”, Belson observed.

What’s Hot on Infosecurity Magazine?