Internet attacks can come from any country in the world at any given point in time. Over the course of the first quarter of 2011, Akamai’s latest State of the Internet report found one country to be the source of more attack traffic than any other.
Myanmar, the country formerly known as Burma, now tops the list, representing 13 percent of all attack traffic observed by Akamai. Myanmar’s top billing is particularly suprising given that the small south Asian country did not rank in the top ten originating countries for attack traffic at the end of 2010.
The U.S. came in second at 10 percent up from 7.3 percent in the fourth quarter of 2010. Taiwan was third at 9.1 percent, Russia fourth at 7.7 percent and China rounds out the top five at 6.4 percent. At the end of 2010, Russia was reportedto be in the top spot for attack traffic accounting for 10 percent of all observed global attack traffic.
“It’s not clear if that attacks from Myanmar are coming from a specific group or if its some kind of botnet that happened to find some unprotected hosts,” David Belson, editor of the Akamai State of the Internet report told InternetNews.com.
Belson noted that it will be interesting to see if the trend on Myanmar leading the list will continue into the second quarter and beyond.
Akamai’s data comes from its own points of presence and is only looking at the last networking hop before a connection comes in. As such, it is possible that Myanmar is being used as a proxy for attacks as opposed to being the origination point itself.
“It could be the case that someone was bouncing attacks through Myanmar,” Belson said. “That would align with some of what we saw with attacks on port 9050.”
Port 9050 is often used for the open source TOR onion router, which is an anonymous proxy networking service. Belson noted that Myanmar’s top billing could be a case of the attack community doing a better job at hiding their tracks.
In terms of ports that are being targeted, Akamai once again reported that port 445 used for Microsoft directory services was the most attacked port, representing 34 percent of attack traffic. Attacks targeting Port 80 and Port 443, for HTTP and HTTPS were up significantly during the quarter. Port 80 attacks accounted for 11 percent of all attack traffic up from 1.5 percent at the end of 2010. Port 443 attacks were reported at 4.7 percent up from 0.2 percent.
Belson wasn’t sure if the Port 443 attacks were directly related to the SSL certificate attackagainst security vendor Commodo earlier this year.
“I don’t know if it was people trying to exploit those certificates or if it was a broader SQL Injection type attack or something else,” Belson said.