Akamai flags 13 Million malicious domains per month
Content delivery network Akamai found that almost 79 million newly observed domains (NODs) in the first half of the year were malicious. The company says this equals approximately 13 million malicious domains per month, which represents 20.1 per cent of all the NODs that were successfully resolved.
Akamai Security Research said: “Malicious actors often register thousands of domain names in bulk. This way, if one or more of their domains are flagged and blocked (e.g., by our team), they can simply switch to one of the other domains they own. Typically these domain names are created programmatically using a domain generation algorithm (DGA). This automated process is part of what makes these NODs dangerous. It is a persistent way of attacking an organisation.”
Akamai refers to a NOD as any domain that has been queried for the very first time in the past 60 days. It classes malicious as a domain name that resolves to a destination that's intended to phish, spread or control malware, or cause some other online harm.
According to Akamai, it evaluated its NOD detection system against "a large and well-known aggregator of threat intelligence," and found that 91.4 per cent of its detections were missing from the aggregator. It said: "We also found that from the names that we were able to find, more than 99.9 per cent had a 'reputation' of 0, which means these had not yet been tagged as either benign or malicious."
"This demonstrates the need for a multifaceted approach so we get the best of both systems," Akamai's Stijn Tilborghs and Gregorio Ferreira wrote in a research note. "The NOD dataset provides a lot of complementary value, since there is only a very small overlap between its output and other major threat intelligence feeds."
Other companies are also working toward the same goal, including Cisco with its "newly seen domain" detection system that checks DNS logs and flags potential malicious sites, as well as cybersecurity firm Farsight and Palo Alto Networks.