Akamai has released its Q4 2013 State of the Internet report, which shows that Port 445 (Microsoft-DS) remains the most targeted Internet attack port, with most attack traffic originating from China.
Akamai maintains a distributed set of agents deployed across the Internet that monitor attack traffic.
Based on data collected by these agents, Akamai is able to identify the top countries from which attack traffic originates, as well as the top ports targeted by these attacks.
During the fourth quarter of 2013, Akamai observed attack traffic originating from source IP addresses in 188 unique countries/regions. China remained in the top slot, growing to 43% of observed attack traffic.
Overall attack traffic concentration across the top 10 countries/regions was up slightly from the third quarter, growing to 88% of observed attacks.
Port 445 remained the most targeted port, growing once again and reaching 30% of observed attacks. The volume of attacks targeting Port 80 remained steady at 14%.
During the fourth quarter, Akamai customers reported being targeted by 346 DDoS attacks, 23% more than in the prior quarter, and nearly 75% more than in the fourth quarter of 2012.
Enterprise and Commerce customers together accounted for just under 70% of the reported attacks during the quarter, while just under half of the total attacks were reported by customers in the Americas.
In addition, the fourth quarter saw the rise of a set of attacks in which the Skipfish and Vega Web application vulnerability scanners were used to target a variety of organizations, looking for Remote File Inclusion (RFI) vulnerabilities.