Akamai Technologies, Inc., the cloud company that enables and protects life online, today announced a new State of the Internet report focused on malicious Domain Name System (DNS) traffic. The report, titled “Attack Superhighway: Analyzing Malicious Traffic in DNS,” finds that about 10-16 percent of organizations have exhibited signs of malicious command and control (C2) over the past year, indicative of a network breach.
Akamai monitors nearly seven trillion DNS requests daily and classifies malicious DNS transactions into three main categories: Malware, Phishing, and Command and Control (C2). These attacks pose a major threat to both businesses and private users.
Attack Superhighway analyzes malicious DNS data and connects attackers with malware such as Emotet, a malware strain that is among the most dangerous cybercrime services today, and QSnatch, which targets backups or file storage and is the top botnet threat in corporate environments.
Other findings of the report are:
26 percent of affected devices attempted to reach C2 domains associated with known Initial Access Brokers (IABs), including Emotet-related domains. IABs pose a major risk to businesses, as their main role is to carry out the initial breach and sell access to ransomware groups and other cybercriminal groups.
Network attached storage devices are ripe for exploitation as they are patched less frequently and they contain a lot of valuable data. Akamai data shows attackers are abusing these devices via QSnatch, a large botnet, with 36 percent of affected devices showing traffic destined to C2 domains associated with this threat.
Attacks on home networks are aimed at hijacking not only traditional devices like computers, but also cell phones and Internet of Things (IoT) devices. A significant portion of attack traffic can be correlated to mobile malware and IoT botnets.
Attack Superhighway also includes regional and industry-specific attack data. While QSnatch is always the leading threat globally, other prevalent attacks vary from region to region, with Emotet, REvil, Ramnit, and Agent Tesla being the other most common attacks. Regional trends are critical for organizations when deciding on a specific threat focus and vulnerability management strategies.
“This new report demonstrates the tremendous breadth of cybercrime in the modern threat landscape,” said Steve Winterfeld, Advisory CISO at Akamai. “Unfortunately, attackers thrive when they use as-a-service hacking tools and can combine different tools in a single integrated multi-layered attack. Attack Superhighway describes methodologies and analyzes indicators of these types of attacks and offers recommendations for mitigating them.”