China Named Top Originator of Attack Traffic in Q4 2014: Akamai

A new report from Akamai Technologies names China as the top source of attack traffic on the Web.

In its ‘Fourth Quarter, 2014 State of the Internet Report’, Akamai cited China as the originator of 41 percent of observed attack traffic. According to the report, during the fourth quarter of last year Akamai observed attack traffic originating from 199 unique countries and regions. Out of the 199, China was the clear leader of the pack, accounting for more than triple the amount originating from the U.S.

“Akamai maintains a distributed set of unadvertised agents deployed across the Internet to log connection attempts that the company classifies as attack traffic,” according to the report. “Based on the data collected by these agents, Akamai is able to identify the top countries from which attack traffic originates, as well as the top ports targeted by these attacks.” 

China and the U.S. were again the only two countries to originate more than 10 percent of the observed attack traffic during the fourth quarter, with the remaining regions and countries all below five percent. Germany (1.8 percent) and Hong Kong (1.3 percent) joined the top 10, while Indonesia and Venezuela fell off. India was the only remaining top 10 country to see observed traffic percentages decline, dropping from 2.9 percent in the third quarter to 2.4 percent in the last few months of the year.

“The overall concentration of observed attack traffic decreased in the fourth quarter, with the top 10 countries/regions originating 75% of observed attacks, down from 84% and 82% in the second and third quarters, respectively,” according to the report.

Despite the numbers, the firm is careful to note that identifying the originating country by source IP address is not the same as true attribution because hackers in one part of the world may launch attacks from compromised systems located in another.

In total, attack traffic targeting the top 10 ports comprised 79 percent of all observed attack traffic in the fourth quarter – a substantial jump from the 38 percent in Q3. Port 23 (Telnet) remained the most popular target for hackers during the fourth quarter and accounted for 32 percent of observed attacks – an increase of more than 2.5 times previous levels. All other ports in the top 10 increased their percentages as well, with significant increases for Ports 445 (Microsoft-DS), 8080 (HTTP Alternate), 3389 (Microsoft Terminal services) and 22 (SSH), Akamai found.

“Port 23 remained the most popular target of attacks observed to originate in China, accounting for almost half of all attacks originating there—nearly 6x the volume of Port 1433, the second most attacked port from China,” according to the report. “Port 23 was also again the most targeted port for attacks from Turkey, South Korea, India and Hong Kong, while Taiwan, Russia, and Brazil had the most attacks targeting Port 445, with Port 23 not far behind in each case. Ports 80, 445, and 3389 each comprised roughly 10% of the attacks originating from the United States.”

When it comes to distributed denial-of-service attacks, Akamai found that the most significant change from 2013 to 2014 has been the distribution of attacks. Among its customers, the high-tech industry and public sector showed the most growth in attacks, while the enterprise segment actually experienced a drop-off. However, in the last quarter of 2014 the commerce and enterprise segments experienced the majority of attacks. Many of the attacks against public sector targets appear to be tied to political unrest, the firm noted.

The full report can be read here. 
