Akamai Technologies has announced a new State of the Internet report that focuses on malicious Domain Name System (DNS) traffic. The report, titled, Attack Superhighway: Analyzing Malicious Traffic in DNS, finds that roughly 10-16 percent of organizations have exhibited signs of malicious command and control (C2) indicating a network breach during the past year.
Akamai observes nearly seven trillion DNS requests daily and classifies malicious DNS transactions into three main categories: malware, phishing and command and C2. These attacks present a major threat to both enterprises and home users.
Attack Superhighway analyzes malicious DNS data and links attackers to malware such as Emotet, a malware strain that is now one of the most dangerous cybercrime services and QSnatch, which targets backups or file storage and is the largest botnet threat in enterprise environments.
Additional findings of the report include:
- 26 percent of affected devices have attempted to reach out to known initial access brokers (IAB) C2 domains, including Emotet-related domains. IABs present a large risk to organizations as their primary role is to initiate the breach and sell access to ransomware groups and other cybercriminal groups.
- Network-attached storage devices are ripe for exploitation as they are less likely to be patched and they hold troves of valuable data. Akamai data shows attackers are abusing these devices through QSnatch, a large botnet, with 36 percent of affected devices showing traffic leading to C2 domains related to this threat.
- Attacks on home networks are seeking to abuse not only traditional devices like computers, but also mobile phones and Internet of Things (IoT) devices. A significant amount of attack traffic can be correlated with mobile malware and IoT botnets.
Attack Superhighway also includes regional and industry attack data. While QSnatch is always the leading threat globally, other prevalent attacks vary across regions with Emotet, REvil, Ramnit and Agent Tesla being the other most common attacks. Regional trends are vital for organizations to consider as they decide on a particular threat focus and vulnerability management strategies,
“This new report shows the massive range of cybercrime in the modern threat landscape,” said Steve Winterfeld, Advisory CISO at Akamai. “Attackers are unfortunately finding success when they leverage as-a-service hacking tools and are able to combine various tools in a single integrated multi-stage attack. Attack Superhighway details methodologies and analyzes indicators of these types of attacks while offering recommendations for mitigating them.”
Akamai is holding a two-part webinar where we will offer a closer examination of the DNS traffic for 2022 uncovered in Attack Superhighway. We will cover how we amassed the data as well as key findings and insights. Register here for this free event.