Countries making a sudden leap from dial-up to broadband access are most at risk of playing unwitting host to attack traffic, said Akamai’s chief security officer Andy Ellis.
Ellis cited results from Akamai’s State of the Internet report for Q4 2010, which showed Russia, Taiwan, Brazil and China to be the top four countries from which attack traffic originated.
Ellis said in an interview with TelecomAsia that machines most vulnerable to being zombies usually lay in markets where large scale broadband deployments and the abundance of connectivity overshadowed the need for security.
Russia accounted for 10% of all attack traffic observed for the quarter, while the Asia Pacific front saw Taiwan and China combined account for close to 15% of malicious traffic.
“We’re referring to users who have traditionally not lived in an environment where security comes to the forefront,” said Ellis. “Users who don’t patch and who don’t pay attention to the fact that their hard drive is swapping all the time are prime targets for attackers.”
Despite enjoying some of the world’s highest broadband speeds, countries such as Japan and Korea were not as susceptible, as both markets had embarked on a more gradual adoption of high-speed broadband, added Ellis, noting the last major DDoS to hit Korea occurred in 2009.
Figures from the ITU showed that although 115,044 computers in Korea were infected in the 2009 incident, the number of vaccines (2.58 million) far outstripped the number of zombie bots.
According to Ellis, China and Brazil, whose broadband penetration rates rose by 32% and 27% year-on-year respectively, were likely to continue being targets, particularly due to the rise of attacks targeting machines and software running in non-English languages.
The Akamai report showed that Port 9415 saw increased malicious traffic, likely due to Tencent QQ, a Chinese-language IM client that had been targeted by malware. Attacks on Port 22, which accounted for 6.2% of malicious traffic globally, also largely originated in China.
Motivations behind language-specific targeted attacks varied, Ellis said. Attackers could simply want to saturate links in and out of a particular country, or could merely be formulating such attacks to avoid detection by researchers.
Users and businesses could not simply rely on ISPs for security, said Ellis. “ISPs can block DDoS attacks but they may likely only do so once they realize the attack traffic is increasing costs for them,” he said, adding carriers in markets with newly-launched broadband deployments were unlikely to bother overmuch with attack traffic due to the excess bandwidth available.
Any steps carriers might take to block attacks could also result in annoying legitimate users, and ISPs might be reluctant to take too active a role.
More effective steps ISPs could take include communicating more with one another to work out ways to secure traffic, as happens in more mature markets such as the United States, Ellis said. “Many markets have yet to develop an info-sharing model, and it’s even harder to implement this across borders.”