DNS data indicates increased malicious domain activity, phishing toolkit reuse

New research from cybersecurity vendor Akamai has revealed that 12.3% of monitored devices communicated with domains associated with malware or ransomware at least once during the second quarter of 2022. This represented a 3% increase compared to Q1 2022, the firm stated, with phishing toolkits playing a key role in malicious domain-related activity. The findings are based on DNS data and Akamai’s visibility into carrier and enterprise traffic across different industries and geographies.

Increased malware, phishing, C2 domain activity detected in Q2 2022

In a blog post detailing its research, Akamai stated that, in addition to the devices it detected communicating with domains associated with malware/ransomware, a further 6.2% of devices accessed phishing domains, and 0.8% accessed command-and-control (C2)-associated domains (both small increases on Q1 2022). “While this number might seem insignificant, the scale here is in the millions of devices,” the firm wrote. “When this is considered, with C2 being the most malignant of threats, this is not only significant, it’s cardinal.”

Of the potentially compromised devices and different threat categories, 63% of devices were exposed to threats associated with malware activity, 32% with phishing, and 5% with C2, Akamai added. “Access to malware-associated domains does not guarantee that these devices were actually compromised but provides a strong indication of increased potential risk if the threat wasn’t properly mitigated. On the other hand, access to C2-associated domains indicates that the device is most likely compromised and is communicating with the C2 server. This can often explain why the incidence of C2 is lower when compared with malware numbers.”

High tech, financial brands most targeted, mimicked by malicious domain activity

Akamai said that high tech and financial brands were the most targeted, abused and mimicked by malicious domain activity during Q2 2022. As for attack categorization, while the vast majority (80.7%) of campaigns were aimed at consumers, Akamai warned that the 19.3% of attacks against business accounts should not be considered marginal.

“These kinds of attacks are usually more targeted with greater potential for significant damage,” the researchers wrote. “Attacks that target business accounts might lead to a company’s network being compromised with malware or ransomware, or confidential information being leaked. An attack that begins with an employee clicking a link in a phishing email can end up with the business suffering significant financial and reputational damages.”

Phishing kits influential in increased malicious domain activity

Akamai’s research highlighted phishing kits as playing a key role in the malicious domain activity it analyzed. It tracked 290 different phishing toolkits being used in the wild in Q2 2022, with 1.9% reused on at least 72 distinct days. “Further, 49.6% of the kits were reused for at least five days, and when looking into all the tracked kits, we can see that all of them were reused no fewer than three distinct days over Q2,” the firm wrote.

Copyright © 2022 IDG Communications, Inc.
