Criminals are registering millions of malware-spreading domains every month

To detect malicious domains, a multifaceted approach is needed, Akamai says


Every month, cybercriminals register roughly 13 million domains to be used to host and distribute malware, run phishing campaigns, or carry out other malicious activities.

This is according to cybersecurity researchers at Akamai, which claims to have flagged some 79 million brand-new malicious domains in the first half of 2022 alone.

That works out to roughly 13 million domains a month, and a fifth (20%) of all successfully resolving new domains appear to be malicious.

Analyzing the data

Outlining its research, Akamai said it looked first and foremost at a dataset of domains queried for the first time in the last 60 days, which it calls newly observed domains (NOD). This dataset, the company explains, “is where you find freshly registered domain names, typos, and domains that are only very rarely queried on a global scale.”

Given the number of new domains and the speed at which they are generated, Akamai could not possibly analyze each one manually. Instead, it took multiple approaches, one of which was cross-checking new domains against a list of known domain generation algorithms (DGAs) that Akamai built, together with the cybersecurity community, into a 30-year predictive list.

In addition, Akamai used “more than 190 NOD-specific detection rules,” and credits most of its detections to these rules. According to the company, its false positive rate across the 79 million domains analyzed was 0.00042%.

“We also found that from the names that we were able to find, more than 99.9 percent had a ‘reputation’ of 0, which means these had not yet been tagged as either benign or malicious,” Akamai said.
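To make the pipeline described above concrete, here is an added example (not Akamai's code, rules or data): a small Python triage script that builds a newly-observed-domain set from constructed DNS query log lines using the 60-day first-seen window, cross-checks each new domain against a simple DGA-style heuristic (an assumed stand-in for Akamai's DGA list, which is not public here), applies one assumed typosquatting rule against a constructed brand list, and reports a reputation of 0 for names that appear on neither a benign nor a malicious list. The log lines, the lists, the thresholds, the `NOW` timestamp and all function names are constructed assumptions.

```python
"""Newly observed domain (NOD) triage over constructed DNS query logs (added example)."""
import math
from collections import Counter
from datetime import datetime, timedelta

NOD_WINDOW = timedelta(days=60)          # the 60-day window the article describes
NOW = datetime(2022, 3, 5)               # constructed "current time" for the example

# Constructed sample log lines: "<ISO timestamp> <client IP> <queried name>"
SAMPLE_LOG = """\
2022-01-02T10:00:00 10.0.0.5 example.com
2022-01-15T09:30:00 10.0.0.7 www.example.com
2022-03-01T08:00:00 10.0.0.5 paypa1-login.com
2022-03-01T08:00:05 10.0.0.5 xk3j9qzv7w2.net
2022-03-02T12:00:00 10.0.0.9 news.example.org
2022-03-02T12:00:01 10.0.0.9 example.com
"""

# Constructed reputation lists; a real deployment would consult threat intel feeds.
KNOWN_BENIGN = {"example.com", "example.org"}
KNOWN_MALICIOUS = set()
BRANDS = ["paypal", "microsoft", "google"]   # constructed typosquat watch list


def parse_log(text):
    """Parse log lines into (timestamp, client, normalised name) tuples."""
    records = []
    for line in text.splitlines():
        ts, client, name = line.split()
        records.append((datetime.fromisoformat(ts), client, name.lower().rstrip(".")))
    return records


def registrable_domain(name):
    """Assumption: last two labels; real code should use the public suffix list."""
    return ".".join(name.split(".")[-2:])


def first_seen(records):
    """Earliest query time per registrable domain."""
    seen = {}
    for ts, _, name in records:
        dom = registrable_domain(name)
        if dom not in seen or ts < seen[dom]:
            seen[dom] = ts
    return seen


def newly_observed(first_seen_map, now):
    """Domains first queried within NOD_WINDOW of `now`."""
    return {d for d, ts in first_seen_map.items() if now - ts <= NOD_WINDOW}


def shannon_entropy(s):
    counts = Counter(s)
    return -sum(c / len(s) * math.log2(c / len(s)) for c in counts.values())


def looks_generated(label):
    """Heuristic stand-in for a DGA feed: digit-heavy, vowel-poor or high-entropy labels."""
    if len(label) < 8:
        return False
    letters = [c for c in label if c.isalpha()]
    digit_ratio = sum(c.isdigit() for c in label) / len(label)
    vowel_ratio = sum(c in "aeiou" for c in letters) / len(letters) if letters else 0.0
    return digit_ratio >= 0.25 or vowel_ratio < 0.2 or shannon_entropy(label) >= 3.5


def edit_distance(a, b):
    """Levenshtein distance, used by the typosquat rule."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def typosquat_target(label):
    """Return the brand that the label, or one of its hyphenated parts, is within two edits of."""
    for token in [label] + label.split("-"):
        for brand in BRANDS:
            if 0 < edit_distance(token, brand) <= 2:
                return brand
    return None


def reputation(domain):
    if domain in KNOWN_MALICIOUS:
        return "malicious"
    if domain in KNOWN_BENIGN:
        return "benign"
    return "0"   # never tagged either way, like >99.9% of the names in the article


def triage(log_text, now):
    """Map each newly observed registrable domain to the reasons it was flagged."""
    nod = newly_observed(first_seen(parse_log(log_text)), now)
    report = {}
    for dom in sorted(nod):
        label = dom.split(".")[0]
        reasons = []
        if looks_generated(label):
            reasons.append("dga-like")
        brand = typosquat_target(label)
        if brand:
            reasons.append(f"typosquat:{brand}")
        reasons.append(f"reputation:{reputation(dom)}")
        report[dom] = reasons
    return report


if __name__ == "__main__":
    for dom, why in triage(SAMPLE_LOG, NOW).items():
        print(dom, why)
```

Run as a script, it lists only the three domains first seen inside the window: `example.com` was first queried 62 days before `NOW` and so is not a NOD even though it is queried again on 2 March. The two signals that matter in practice are kept separate from reputation on purpose: `xk3j9qzv7w2.net` and `paypa1-login.com` both have reputation 0, and it is the DGA heuristic and the typosquat rule, not reputation, that separate them from the benign but equally new `example.org`.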


To conclude, the company said that a multifaceted approach is needed, as no single method can identify malicious domains with sufficient precision.

“This demonstrates the need for a multifaceted approach so we get the best of both systems,” said Stijn Tilborghs and Gregorio Ferreira of Akamai. “The NOD dataset provides a lot of complementary value, since there is only a very small overlap between its output and other major threat intelligence feeds.”

Via: The Register

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.