Cyberattacks seem to be a growth industry in Indonesia, with the region having pushed China off the top spot as the leading source of attack traffic in the last quarter, according to internet services provider Akamai.
In the second quarter of 2013, Indonesia nearly doubled its attack traffic from 21% to 38% of the global total. The attacks are measured by hidden “agents” maintained by Akamai, concealed across the internet – which log connection attempts. Between them, China and Indonesia now account for nearly half the attack traffic in the world. China generates 33%.
[Update, October 23: ESET security researcher Lysa Myers takes a closer look at the Indonesian traffic.]
According to PC world, the rise of Asia-Pacific as a source of attacks has been rapid – Asia Pacific now accounts for 89% of attacks, compared to 56% in the fourth quarter of 2012.
Akamai acknowledged that it is difficult to track where attacks originate from, “as the source IP address may not represent the nation in which the attacker resides.For example, an individual in the United States may be launching attacks from compromised systems anywhere in the world.”
The rapid rise of Indonesia as a source of attacks is highly unusual, according to a Bloomberg report. Less than a year ago, the country accounted for just 1% of global attacks. Akamai also noted that the speed of the average internet connection in Indonesia had increased 125% in the last quarter. Bloomberg commented that this could allow cybercrime to “run rampant. Tifatul Sembiring, the country’s IT minister, said that cybersecurity would become a national priority, according to Bloomberg.
In Akamai’s last report, for the first quarter of 2012, author David Belson cautioned against drawing conclusions about the Indonesian figures, ““Its entirely possible that the system that’s contacting Akamai is being used as a proxy or a waypoint by an attacker that is located somewhere else. So in Indonesia, for instance, it may be the case that for some reason there are a number of end-user systems that have been compromised and are under the control of a hacker in Russia or somewhere else,” says Belson.
The United States remained in third, despite dropping from 6,9% to 8.9%.
DDoS attacks also rose, according to the company, “In the second quarter of 2013, Akamai customers reported 318 attacks, a 54 percent increase over the 208 reported in the first quarter. At 134 reported attacks, the Enterprise sector continued to be the leading target of DDoS attacks, followed by commerce, media, hi-tech and public sector.”
Akamai also noted the actions of the Syrian Electronic Army, saying that the high-profile attacks all followed a similar pattern, “The attacks all employed similar spear-phishing tactics in which internal email accounts were compromised and leveraged to collect credentials to gain access to targets’ Twitter feeds, RSS feeds and other sensitive information.”
Author Rob Waugh, We Live Security