Criminals are registering millions of malware-spreading domains every month

News
By Sead Fadilpašić
published

To detect malicious domains, a multifaceted approach is needed, Akamai says

Zero-day attack
(Image credit: Shutterstock.com)

Every month, cybercriminals register roughly 13 million domains to be used to host and distribute malware, in phishing campaigns, or otherwise malicious activities.

This is according to cybersecurity researchers at Akamai, which claims to have flagged some 79 million brand new, malicious domains in the first half of 2022 alone. 

Not only is that some 13 million domains a month, but a fifth (20%) of all successfully resolving new domains seem to be malicious. 

Analyzing the data

Outlining its research, Akamai said it looked, first and foremost, at a dataset of domains that were queried for the first time, in the last 60 days. This dataset, the company explains, “is where you find freshly registered domain names, typos, and domains that are only very rarely queried on a global scale." 

Given the size of new domains, and the speed at which new ones are being generated, Akamai could not possibly analyze each one manually. Instead, it took multiple approaches, one being cross-checking new domains with a list of known domain generation algorithms that Akamai built (together with the cybersecurity community) into a 30-year predictive list. 

Besides, Akamai used "more than 190 NOD-specific detection rules,” and credits most of its detections to these rules. Allegedly, its false positive rate for the 79 million domains analyzed was 0.00042%. 

"We also found that from the names that we were able to find, more than 99.9 percent had a 'reputation' of 0, which means these had not yet been tagged as either benign or malicious," Akamai said.

Read more

> There are more malicious domains online than ever before

> Tackling malicious domains and typosquatting

> Check out our list of the best cloud firewalls right now

To conclude, the company said that a multifaceted approach is needed, as one method alone will not be able to properly determine malicious domains with precision.

"This demonstrates the need for a multifaceted approach so we get the best of both systems," said Stijn Tilborghs and Gregorio Ferreira of Akamai. "The NOD dataset provides a lot of complementary value, since there is only a very small overlap between its output and other major threat intelligence feeds." 

  • These are the best ways to protect from ransomware today

Via: The Register

Sead Fadilpašić
Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.