According to Akamai’s Q3 2013 State of the Internet report, enterprise DDoS attacks totaled 127 in the third quarter; commerce was next with 80, followed by media and entertainment (42), public sector (18) and high-tech (14).
And, analysis of the geographic distribution of DDoS attack targets shows that European customers experienced a 22% increase in attacks, compared to the previous quarter.
By contrast, attacks on targets in North America were down by 18% this quarter. And overall, there’s a bright spot in the statistics: for the first time since the fourth quarter of 2012, when Akamai began reporting on DDoS attacks, fewer attacks were reported than the previous quarter, with 281 observed in the third quarter of 2013 compared to 318 during the second quarter (down 11%).
That said, the decline is likely not a harbinger of better things to come, the firm said. “Although the number of DDoS attacks reported by Akamai customers in the third quarter declined from the previous quarter, we believe that 2013 will ultimately be a significantly more active year for DDoS attacks than 2012,” said David Belson, the report’s editor. “As of the end of the third quarter, customers had already reported more DDoS attacks than they did in all of 2012.”
In terms of where attacks are being launched from, the report showed that China, which originated 35% of observed attacks, returned to the top spot while Indonesia dropped back to second place, having originated 20% of observed attacks (slightly more than half of the volume seen in the second quarter). The United States remained in third position, originating 11% of observed attacks. During the quarter, Europe’s aggregate contribution increased, growing to 13.5% of all observed attacks.
After dropping to third place in the second quarter, Port 445 (Microsoft-DS) returned to its spot as the most targeted port in the third quarter, drawing 23% of observed attacks. Port 80 and Port 443 dropped to second and third place at 14% and 13%, respectively. Port 445 was the most targeted port in eight of the top 10 countries/regions, the only exceptions being China and Indonesia. Port 1433 (Microsoft SQL Server) was the top target for China, and Port 443 was the most targeted from Indonesia.
Akamai has also started to examine the likelihood that attack targets may be subject to follow-up attacks. Out of the 281 third-quarter attacks, 169 were focused on unique targets. During the quarter, 27 customers were attacked for a second time; five reported three attacks; and seven companies were attacked more than three times. Initial analysis of the data indicates that if a company is the target of a DDoS attack, there is a 25% chance that it could be attacked again within three months.