China Remains DDoS Traffic King Despite Indonesian Jump

Tom Brewster is TechWeek Europe's Security Correspondent. He has also been named BT Information Security Journalist of the Year in 2012 and 2013.

China home to most DDoS attack traffic, but US source of most

China is still the source of more distributed denial of service (DDoS) traffic than any other country in the world, despite seeing a drop in overall share.

Activity in Indonesia spiked, from being the source of just 0.7 percent of all DDoS traffic in the fourth quarter of last year up to 21 percent in the first quarter of 2013, according to Akamai’s latest State of the Internet report.

America US China - Shutterstock © AquirChina dropped from 41 percent to 34 percent. The US also saw a decline from 10 percent to 8.3 percent.

China and US big cyber attackers

Chinese hackers are often the alleged actors behind various kinds of Internet-based attacks, as seen in TechWeekEurope’s exclusive this week covering spear phishing targeting Falun Gong activists and military organisations.

The data indicates there are many perpetrators of DDoS attacks and many victims of malware in China, whose machines are being used to generate the bandwidth needed to carry out DDoS hits.

Indonesia has emerged as a source of much DDoS traffic as it seems the country is home to plenty of infected machines acting as bots, Akamai said.

“The vast majority (94 percent) of the attacks from Indonesia targeted Ports 80 (WWW/HTTP) and 443 (HTTPS/SSL), potentially indicating aggressive botnet activity,” Akamai said in its report.

DDoS continues to rise in general, with 208 attacks reported by Akamai customers in Q1 2013, compared to 200 in the previous quarter. The Izz ad-Dim al-Qassam Cyber Fighters (aka QCF) and Operation Ababil were the source of 72 of those attacks, many of which knocked front-facing sites of major US banks offline.

Financial services and retail sites remain two of the most popular targets of DDoS.

As shown in Imperva’s Web Application Attack Report (WAAR) released today, those two industries are also hit by all kinds of web app attacks. Indeed, retail suffers twice as many SQL injection attacks as other industries. Retail applications received an average of 749 individual attack requests per campaign, Imperva said.

“While most of the 70 web applications monitored were attacked a significant amount, some received an astounding number of attacks – with one application receiving up to an average of 26 per minute,” said Amichai Shulman, CTO of Imperva.

That report also showed the US was the number one source of web attacks, with China in second. The two nations

 What do you know about Internet security? Find out with our quiz!