Akamai’s perspective on the state of DNS threats.

Malevolent destinations and the disturbing frequency of our attraction to them.

Akamai’s DNS Threat Report for Q3 2022 has found that 14% of devices connected to a malicious destination at least once during the quarter. The researchers state, “Breaking down these potentially compromised devices further, 59% of devices were communicating with malware or ransomware domains, 35% were communicating with phishing domains, and 6% were communicating with command and control domains (C2 )”.

Akamai adds, “Comparing Q3 2022 results with Q1 and Q2 2022 results, we can see stability across all categories with some increase on the C2 front. As we are unable to attribute this increase to a specific attack campaign, we attribute it to seasonal changes in the threat landscape. It’s also possible that the increase could be attributed to an increase in vulnerable devices.

The report also looked at phishing kits and found that the most spoofed brands were Adobe and M&T Bank:

“According to Akamai research that tracked 299 different phishing toolkits used in the wild to launch new attack campaigns, in Q3 2022, 2.01% of tracked kits were reused for at least 63 separate days (Figure 5). Additionally, 53.2% of kits were reused to launch a new attack campaign on at least five days, and 100% of tracked kits were reused on no less than three separate days during Q3. »

Akamai also notes that phishing campaigns will increase as the holiday season approaches, so this unfortunate trend will in all likelihood see a seasonal revival.

Previous DNS over HTTPS: Is Encrypted DNS Slower?
Next Both Sides of DNS Abuse - DNW Podcast #383 - Domain Name Wire