Akamai Research Finds Up To 16 Percent of Organizations Exhibited Signs of a Breach in 2022
Akamai Technologies (NASDAQ: AKAM) announced a new report titled Attack Superhighway: Analyzing Malicious Traffic in DNS, revealing that 10-16% of organizations showed signs of network breaches over the past year. The report highlights nearly seven trillion daily DNS requests and categorizes attacks as malware, phishing, and command/control. Notably, 26% of affected devices attempted to connect to initial access brokers, while QSnatch botnets targeted vulnerable network-attached storage devices. The report underscores significant threats posed by cybercrime, including various regional attack trends, and emphasizes the importance of proactive vulnerability management.
- New report reveals 10-16% of organizations showing signs of breaches, providing valuable insights for cybersecurity strategies.
- Akamai observes nearly seven trillion DNS requests daily, enhancing its data-driven security measures.
- The report categorizes threats into distinct segments, aiding organizations in understanding and mitigating risks effectively.
- 26% of affected devices reached out to initial access brokers, indicating a serious risk of ransomware breaches.
- Network-attached storage devices are particularly vulnerable, with 36% of affected devices showing attempts to connect to C2 domains related to QSnatch.
Report Tracks Global Spread of Malware Such as Emotet and QSnatch.
Akamai observes nearly seven trillion DNS requests daily and classifies malicious DNS transactions into three main categories: malware, phishing, and command and control (C2). These attacks present a major threat to both enterprises and home users.
Attack Superhighway analyzes malicious DNS data and links attackers to malware such as Emotet, a malware strain that is now one of the most dangerous cybercrime services, and QSnatch, which targets backups or file storage and is the largest botnet threat in enterprise environments.
Additional findings of the report include:
- 26 percent of affected devices have attempted to reach out to known initial access brokers (IAB) C2 domains, including Emotet-related domains. IABs present a large risk to organizations as their primary role is to initiate the breach and sell access to ransomware groups and other cybercriminal groups.
- Network-attached storage devices are ripe for exploitation as they are less likely to be patched and they hold troves of valuable data. Akamai data shows attackers are abusing these devices through QSnatch, a large botnet, with 36 percent of affected devices showing traffic leading to C2 domains related to this threat.
- Attacks on home networks are seeking to abuse not only traditional devices like computers, but also mobile phones and Internet of Things (IoT) devices. A significant amount of attack traffic can be correlated with mobile malware and IoT botnets.
Attack Superhighway also includes regional and industry attack data. While QSnatch is always the leading threat globally, other prevalent attacks vary across regions with Emotet, REvil, Ramnit and Agent Tesla being the other most common attacks. Regional trends are vital for organizations to consider as they decide on a particular threat focus and vulnerability management strategies.
"This new report shows the massive range of cybercrime in the modern threat landscape," said
Akamai is holding a two-part webinar where we will offer a closer examination of the DNS traffic for 2022 uncovered in Attack Superhighway. We will cover how we amassed the data as well as key findings and insights. Register here for this free event.
For additional information, the security community can access, engage with, and learn from Akamai's threat researchers by visiting the Akamai Security Hub and following the team on Twitter at @Akamai_Research.
About Akamai
Akamai powers and protects life online. Leading companies worldwide choose Akamai to build, deliver, and secure their digital experiences — helping billions of people live, work, and play every day. Akamai Connected Cloud, a massively distributed edge and cloud platform, puts apps and experiences closer to users and keeps threats farther away. Learn more about Akamai's cloud computing, security, and content delivery solutions at akamai.com and akamai.com/blog, or follow
Contacts
Akamai Media Relations
703.907.9103
jlubinsk@akamai.com
View original content to download multimedia: https://www.prnewswire.com/news-releases/akamai-research-finds-up-to-16-percent-of-organizations-exhibited-signs-of-a-breach-in-2022-301771085.html