Indonesia has emerged as the number two source of cyber attacks, following closely behind the usual suspect, China.
A recent report by cloud platform provider Akamai has revealed that, although the last three months of 2012 saw Indonesia hosting a mere .7% of hacking activity across the Internet, in the first three months of 2013, this figure jumped to a whopping 21%.
The report also showed that China still enjoys the dubious position of number one, accounting for a full 34% of attacks, with the US claiming third place, with 8.3%, followed by Turkey, at 4.5%, and Russia, with 2.7%.
The company says it has a distributed set of unadvertised agents deployed across the Web that log connection attempts, classified by Akamai as attack traffic. The data collected by these agents forms a basis for Akamai to identify the top countries from which attack traffic originates.
However, Akamai says the originating country, as identified by the source IP address, does not necessarily represent the nation in which an attacker resides. Someone in the US could be launching attacks from compromised systems in a completely different location.
The company says the leap in activity from Indonesia does not mean hackers are packing their bags and heading to that country, but is more likely a sign that hacking collectives are using Indonesian servers for botnet operations and similar.
According to a blog by Foreign Policy, this illustrates the problem of accurate attribution. It cites a scenario in which a large financial institution finds its servers under siege by an attack emanating from a server in Shanghai.
From the data it has, the company could conclude that the Chinese government is attempting to steal its sensitive information. However, IP attribution is in itself insufficient to accurately determine an attacker's identity, as the attack could have easily been bounced off servers around the world to hide the real location of the attackers.
Share