During every quarter last year, between 10% and 16% of organizations had DNS traffic originating on their networks towards command-and-control (C2) servers associated with known botnets and various other malware threats, according to a report from cloud and content delivery network company Akamai.
More than a quarter of that traffic went to servers belonging to initial access brokers (IABs), adversaries who sell access into corporate networks to other cybercriminals, the report noted. “As we analyzed malicious DNS traffic of both enterprise and home users, we were able to spot several outbreaks and campaigns in the process, such as the spread of FluBot, an Android-based malware moving from country to country worldwide, as well as the prevalence of various cybercriminal groups aimed at enterprises,” Akamai stated. “Perhaps the best example is the significant presence of C2 traffic related to initial access brokers (IABs) that breach corporate networks and monetize access by peddling it to others, such as ransomware as a service (RaaS) groups.”
Akamai operates a large DNS infrastructure for its global CDN and other cloud and security services and is able to observe up to 7 trillion DNS requests per day. Since a DNS query attempts to resolve a domain name to an IP address, Akamai can map requests that originate from corporate networks or home users to known malicious domains, including those that host phishing pages, serve malware, or are used for C2.

Malware might impact a very large pool of devices

According to the data, between 9% and 13% of all devices seen by Akamai making DNS requests each quarter attempted to reach a malware-serving domain. Between 4% and 6% attempted to resolve known phishing domains, and between 0.7% and 1% attempted to resolve C2 domains.

The percentage for C2 domains might seem small at first glance compared to malware domains, but consider that we are talking about a huge pool of devices here, one capable of producing 7 trillion DNS requests per day. A request to a malware-hosting domain does not always equate to a successful compromise, because the malware may be detected and blocked before it executes on the device. A query for a C2 domain, however, suggests an active malware infection: something on the host is already trying to call home. (The usual caveat applies when you run this analysis on your own resolver logs: sandboxes, threat-intel lookups and analyst workstations also resolve C2 names, so those sources should be excluded before treating a C2 lookup as a confirmed compromise.)

Organizations can have thousands or tens of thousands of devices on their networks, and a single compromised device can result in a complete network takeover, as in many ransomware cases, because attackers use lateral movement techniques to jump between internal systems. When Akamai’s C2 DNS data is viewed per organization, more than one in 10 organizations had an active compromise last year. “Based on our DNS data, we saw that more than 30% of analyzed organizations with malicious C2 traffic are in the manufacturing sector,” the Akamai researchers said. “In addition, businesses in the business services (15%), high technology (14%), and commerce (12%) verticals have been impacted. The top two verticals in our DNS data (manufacturing and business services) also resonate with the top industries hit by Conti ransomware.”

Botnets account for 44% of malicious traffic

Akamai broke the C2 traffic down further into several categories: botnets, initial access brokers (IABs), infostealers, ransomware, remote access trojans (RATs), and others. Botnets were the top category, accounting for 44% of the malicious C2 traffic, not even counting some popular botnets like Emotet or Qakbot, whose operators are in the business of selling access to systems and were therefore …
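The methodology the report describes, matching resolver queries against categorized malicious domains and then counting devices per category and organizations with C2 lookups, is simple enough to reproduce on your own DNS logs. The following is an added example written for this page, not Akamai's code; the log format, the client IPs, the organization labels and every domain in the blocklist are constructed for illustration (all under the reserved .example TLD). It treats a device as hit once per category regardless of how many queries it made, and flags any device that resolved a C2 name as an active compromise, which is the distinction the text draws between malware-domain and C2-domain lookups.

```python
"""Classify DNS query logs against a categorised blocklist and summarise
per-device and per-organisation exposure.

Added example, not Akamai's code.  The blocklist, organisation labels,
client IPs and log lines below are constructed for illustration.
"""
from collections import defaultdict

# Constructed blocklist: domain -> threat category.  A real feed is far
# larger; matching below also covers subdomains of a listed domain.
BLOCKLIST = {
    "phish-login.example": "phishing",
    "dl-payload.example": "malware",
    "beacon-c2.example": "c2",
    "update-check.example": "c2",
}

# Constructed resolver log, one query per line:
# "<timestamp> <org> <client_ip> <qname> <qtype>"
SAMPLE_LOG = """\
2023-01-10T08:01:02Z org-a 10.1.0.5 www.internal.corp A
2023-01-10T08:01:09Z org-a 10.1.0.5 cdn.phish-login.example. A
2023-01-10T08:02:11Z org-a 10.1.0.7 dl-payload.example A
2023-01-10T08:02:30Z org-a 10.1.0.7 BEACON-C2.example A
2023-01-10T08:03:00Z org-a 10.1.0.9 mail.internal.corp MX
2023-01-10T08:03:15Z org-b 10.2.0.3 update-check.example A
2023-01-10T08:03:16Z org-b 10.2.0.4 www.internal.corp A
2023-01-10T08:04:00Z org-c 10.3.0.2 dl-payload.example A
2023-01-10T08:04:01Z org-c 10.3.0.2 www.internal.corp A
"""


def normalize(qname: str) -> str:
    """Lower-case the name and drop the trailing dot some resolvers log."""
    return qname.strip().lower().rstrip(".")


def classify(qname: str, blocklist=BLOCKLIST):
    """Return the threat category for qname, matching the name itself or any
    parent domain on the list.  Matching is label-aligned, so a lookalike such
    as notphish-login.example does not match phish-login.example.  None if the
    name is not listed."""
    labels = normalize(qname).split(".")
    for i in range(len(labels)):
        cat = blocklist.get(".".join(labels[i:]))
        if cat is not None:
            return cat
    return None


def parse_log(text: str):
    """Yield (org, client_ip, qname) from the constructed log format, skipping
    blank or malformed lines instead of failing on them."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue
        _ts, org, ip, qname, _qtype = parts
        yield org, ip, qname


def summarize(text: str, blocklist=BLOCKLIST) -> dict:
    """Per-device and per-org view of malicious lookups.  A device counts once
    per category however many queries it made; any C2 lookup marks the device
    (and therefore its org) as an active compromise."""
    device_cats = defaultdict(set)      # (org, ip) -> {categories}
    orgs = set()
    for org, ip, qname in parse_log(text):
        orgs.add(org)
        cats = device_cats[(org, ip)]   # registers the device even if clean
        cat = classify(qname, blocklist)
        if cat:
            cats.add(cat)

    devices_total = len(device_cats)
    by_cat = defaultdict(int)
    active = defaultdict(list)
    for (org, ip), cats in sorted(device_cats.items()):
        for cat in cats:
            by_cat[cat] += 1
        if "c2" in cats:
            active[org].append(ip)

    return {
        "devices_total": devices_total,
        "orgs_total": len(orgs),
        "devices_by_category": dict(by_cat),
        "device_share": {c: n / devices_total for c, n in by_cat.items()},
        "active_compromise": dict(active),
        "org_share_with_c2": len(active) / len(orgs) if orgs else 0.0,
    }


if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    for cat, share in sorted(report["device_share"].items()):
        print(f"{cat:9s} {share:6.1%} of devices")
    print(f"orgs with C2 traffic: {report['org_share_with_c2']:.1%}")
    for org, ips in report["active_compromise"].items():
        print(f"  {org}: active compromise on {', '.join(ips)}")
```

On the constructed log this reports malware and C2 lookups from 2 of 6 devices each, phishing from 1, and C2 traffic from 2 of 3 organizations. Before trusting the "active compromise" list on real data, exclude known sandbox, proxy and analyst sources, and note that a resolver log only shows the lookup, not whether the connection that followed was blocked.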