Akamai Reports Massive Spike in Malicious Domain Activity


Akamai reported today it identified nearly 79 million malicious domains in the first half of 2022, which collectively represent a little more than 20% of all the newly observed domains (NODs) accessed via its content delivery network (CDN) and other services the company provides.

That roughly equates to 13 million malicious domains per month, the report noted. Akamai researchers also noted that, two weeks before Russia’s invasion of Ukraine, a spike in activity led to the identification of nearly 40,000 malicious NODs per day, before peaking at more than 250,000 unique malicious .ru domain names created per day in the second half of March.

Gregorio Ferreira, a data scientist for Akamai, said it’s difficult to assess just how many malicious domains there are in the world, but it’s apparent the web is increasingly being overwhelmed. On a typical day, Akamai researchers observed approximately 12 million new NODs, of which slightly more than two million successfully resolved a DNS query.

Instances of Akamai CacheServe currently process more than 80 million DNS queries per second, or approximately seven trillion requests per day, from all over the world. Malicious actors often register thousands of domain names in bulk because if one or more of their domains are flagged and blocked, they can simply switch to one of the other domains they own. Most of those domain names are created programmatically using a domain generation algorithm (DGA). Many names in the NOD dataset look like names you’d never type into a browser window. Digits, for example, are often inserted into domain names to reduce the odds an automatically generated domain has already been registered.
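The lexical traits described above (names nobody would type, digits interleaved to dodge collisions) are exactly what a defender's first-pass triage of newly observed domains can key on. The following is an added example, not Akamai's code or anything from the report: a small scorer that pulls the registrable label out of each domain, computes Shannon entropy, digit ratio, vowel ratio and longest consonant run, and flags a name when at least two of those signals fire. The sample domain list, the `.example` TLD and every threshold are constructed for illustration; the label extraction is a simplification that a real deployment would replace with a Public Suffix List lookup.

```python
import math
import re
from collections import Counter

# Constructed sample of newly observed domain names (hypothetical; not taken from
# Akamai's NOD dataset). The ".example" TLD is reserved for documentation use.
SAMPLE_NODS = [
    "weather-forecast-today.example",   # readable, hyphenated words
    "booksandcoffee.example",           # readable, no separators
    "news-update-2022.example",         # readable, digits form a year
    "x7k29qpz4m.example",               # digits interleaved with consonants
    "a1b2c3d4e5f6.example",             # alternating letter/digit pattern
    "qwrtzpvkls83.example",             # long consonant run plus digits
    "kxlpqmvtrwzn.example",             # no digits, no vowels
]

VOWELS = set("aeiou")
CONSONANT_RUN = re.compile(r"[b-df-hj-np-tv-z]+")


def shannon_entropy(s: str) -> float:
    """Bits per character over the string's own symbol frequencies."""
    if not s:
        return 0.0
    n = len(s)
    return -sum((c / n) * math.log2(c / n) for c in Counter(s).values())


def registrable_label(domain: str) -> str:
    """Label immediately left of the TLD. Simplification (assumption): a real
    deployment would consult the Public Suffix List so 'foo.co.uk' yields 'foo'."""
    labels = domain.lower().strip(".").split(".")
    return labels[-2] if len(labels) >= 2 else labels[0]


def label_features(label: str) -> dict:
    """Cheap lexical features that tend to separate DGA output from names a
    person would type: digits and entropy rise, vowels fall, consonant runs grow."""
    alnum = re.sub(r"[^a-z0-9]", "", label)
    n = max(len(alnum), 1)
    letters = [ch for ch in alnum if ch.isalpha()]
    digits = sum(ch.isdigit() for ch in alnum)
    vowel_ratio = sum(ch in VOWELS for ch in letters) / len(letters) if letters else 0.0
    longest_run = max((len(m) for m in CONSONANT_RUN.findall(alnum)), default=0)
    return {
        "length": n,
        "entropy": shannon_entropy(alnum),
        "digit_ratio": digits / n,
        "vowel_ratio": vowel_ratio,
        "consonant_run": longest_run,
    }


def dga_score(domain: str) -> int:
    """Number of signals that fire (0-4). Thresholds are hand-picked for this
    illustration, not tuned on real traffic."""
    f = label_features(registrable_label(domain))
    score = 0
    if f["entropy"] > 3.5:          # near-uniform symbol use over a long label
        score += 1
    if f["digit_ratio"] >= 0.2:     # digits sprinkled in to avoid collisions
        score += 1
    if f["vowel_ratio"] < 0.25:     # unpronounceable letter mix
        score += 1
    if f["consonant_run"] >= 4:     # runs that natural words rarely produce
        score += 1
    return score


def flag_suspicious(domains, threshold: int = 2):
    """Return domains whose score reaches the threshold. Requiring two signals
    keeps a year inside an otherwise readable name from being flagged on digits alone."""
    return [d for d in domains if dga_score(d) >= threshold]


if __name__ == "__main__":
    for d in SAMPLE_NODS:
        f = label_features(registrable_label(d))
        print(f"{d:34} score={dga_score(d)} entropy={f['entropy']:.2f} "
              f"digits={f['digit_ratio']:.2f} vowels={f['vowel_ratio']:.2f} "
              f"run={f['consonant_run']}")
    print("flagged:", flag_suspicious(SAMPLE_NODS))
```

Run against the constructed list, the three readable names score 0 or 1 and the four generated-looking names score 2 or 3. This is a triage heuristic for prioritising which NODs to enrich or sandbox, not a verdict: entropy alone over-fires on long multi-word names (which is why the example combines signals), and wordlist-based DGAs that stitch dictionary words together will sail past every feature here, so resolution behaviour, registration age and reputation feeds still have to carry the final decision.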

It’s not clear how all these malicious NODs will be operationalized, but it’s apparent that the level of scale at which malicious domains are created is part of a larger, unprecedented cyberwarfare strategy. While the number of malicious NODs being created is going to be a major concern for governments around the world, it’s usually businesses that wind up suffering the most collateral damage. The days when organizations could rely solely on a firewall and endpoint protection software to protect themselves from…
