Between 10% and 16% of organizations exhibited signs of malicious command and control (C2) traffic during 2022, according to a report from cloud security and content delivery provider Akamai Technologies. The finding suggests that those companies may have suffered network breaches.
The report, entitled “Attack Superhighway: Analyzing Malicious Traffic in DNS,” classifies malicious DNS traffic into three main categories: C2, malware, and phishing.
The company observes nearly 7 trillion DNS requests per day.
Key findings from the report:
- Twenty-six percent of affected devices have attempted to reach out to known initial access brokers (IAB) C2 domains, including Emotet-related domains. IABs’ primary role is to initiate the breach and sell access to ransomware and other cybercriminal groups.
- Network-attached storage (NAS) devices are less likely to be patched, which is dangerous because they hold lots of valuable data. Akamai found attackers are going after NAS devices using QSnatch, a large botnet. Thirty-six percent of affected devices show traffic leading to C2 domains related to this threat.
- Attacks on home networks are targeting mobile phones and IoT devices, as well as traditional devices such as computers. A significant amount of attack traffic can be correlated with mobile malware and IoT botnets.
Akamai mentions several specific dangers, including Emotet, which it calls one of the most dangerous cybercrime services, and QSnatch, which targets backup and file-storage devices and which the report describes as the largest botnet threat to enterprises.
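The report's findings rest on a simple defensive idea: match the names your resolvers are asked for against a list of known C2 domains and count which clients touch them. The following Python is an added example of that check, written for this article and not taken from Akamai or its report. The log lines and the two indicator domains are constructed placeholders (the log format is modelled loosely on a resolver query log), and the percentage it computes is over the sample, not a figure from the report.

```python
import re
from collections import defaultdict

# Constructed sample resolver query-log lines (placeholder names, not real
# traffic and not data from the Akamai report).
SAMPLE_DNS_LOG = """\
12-Jan-2023 10:15:32.101 client 10.0.0.5#53211: query: www.example.com IN A
12-Jan-2023 10:15:33.204 client 10.0.0.5#53212: query: update.c2-placeholder.test IN A
12-Jan-2023 10:15:35.550 client 10.0.0.9#40022: query: mail.example.org IN MX
12-Jan-2023 10:15:36.013 client 10.0.0.12#51000: query: cdn.beacon-placeholder.invalid IN A
12-Jan-2023 10:15:37.777 client 10.0.0.9#40023: query: notc2-placeholder.test IN A
12-Jan-2023 10:15:38.900 client 10.0.0.5#53213: query: C2-Placeholder.TEST. IN TXT
"""

# Constructed blocklist of "known C2 domains" (placeholders, not real indicators).
C2_DOMAINS = {"c2-placeholder.test", "beacon-placeholder.invalid"}

LOG_RE = re.compile(
    r"client (?P<client>[\d.]+)#\d+: query: (?P<qname>\S+) IN (?P<qtype>\S+)"
)


def normalize(name):
    """Lower-case and drop the trailing dot so FQDN and relative forms compare equal."""
    return name.rstrip(".").lower()


def matches_indicator(qname, indicators):
    """Return the indicator that qname equals or is a subdomain of, else None.

    The match is done label by label (suffix of whole labels), so
    'update.c2-placeholder.test' hits 'c2-placeholder.test' while the
    look-alike 'notc2-placeholder.test' does not.
    """
    labels = normalize(qname).split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in indicators:
            return candidate
    return None


def find_c2_lookups(log_text, indicators):
    """Return one record per log line whose queried name matches an indicator."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.search(line)
        if not m:
            continue  # skip lines that are not query records
        indicator = matches_indicator(m["qname"], indicators)
        if indicator:
            hits.append({
                "client": m["client"],
                "qname": normalize(m["qname"]),
                "qtype": m["qtype"],
                "indicator": indicator,
            })
    return hits


def summarize(log_text, indicators):
    """Per-client view plus the share of observed clients that touched an indicator."""
    clients_seen = set()
    for line in log_text.splitlines():
        m = LOG_RE.search(line)
        if m:
            clients_seen.add(m["client"])
    per_client = defaultdict(set)
    for hit in find_c2_lookups(log_text, indicators):
        per_client[hit["client"]].add(hit["indicator"])
    affected = len(per_client)
    percent = 100.0 * affected / len(clients_seen) if clients_seen else 0.0
    return {
        "clients_seen": len(clients_seen),
        "clients_affected": affected,
        "percent_affected": percent,
        "per_client": dict(per_client),
    }


if __name__ == "__main__":
    for hit in find_c2_lookups(SAMPLE_DNS_LOG, C2_DOMAINS):
        print(f"{hit['client']} -> {hit['qname']} ({hit['qtype']}) matches {hit['indicator']}")
    print(summarize(SAMPLE_DNS_LOG, C2_DOMAINS))
```

On the sample, two of the three clients query a listed domain; the label-wise suffix match catches subdomains and the mixed-case FQDN form while leaving the look-alike name alone. In practice the indicator set would be loaded from a threat feed and the hits forwarded to the SIEM, since a DNS request for a C2 domain is the earliest signal in the article's framing that a device may already be compromised.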
The report advises organizations to take note of regional threats when deciding where to focus and how to shape their vulnerability management strategies.
“This new report shows the massive range of cybercrime in the modern threat landscape,” Steve Winterfeld, Advisory CISO at Akamai, said in a press release. “Attackers are unfortunately finding success when they leverage as-a-service hacking tools and are able to combine various tools in a single integrated multi-stage attack. Attack Superhighway details methodologies and analyzes indicators of these types of attacks while offering recommendations for mitigating them.”
Some threats are longstanding and sophisticated. Last June, Lumen Technologies’ Black Lotus Labs found a remote access Trojan (RAT) that targeted remote workers via their small office/home office (SOHO) devices. It had gone undetected for almost two years.