In the same month that Ukrainian officials claimed Russia is planning a massive cyberattack on the critical infrastructure of the country or one of its allies, Akamai reported finding 79 million new malicious domains in the first half of this year. The security, cloud and CDN provider offered some insights into a looming cyberthreat. In a report published at the end of September, Akamai said it has seen a significant uptick in the number of malicious newly observed domains (NODs) on its CDN. The company said NOD-based threat detection gives it a means to assess the “long tail” of DNS queries and identify new threats at a very early phase. Akamai defines a NOD as a domain name queried for the first time within a 60-day window.
Threat actors typically register thousands of domain names simultaneously so that, if any are blocked, they can move to a backup. The names are created via a domain generation algorithm (DGA), which makes it easier to automate an attack.
Akamai noted that in the two weeks before Russia invaded Ukraine, it identified a steady rise in malicious NODs, peaking at 40,000 flagged per day. Ukrainian government officials recently said Russia is planning a cyberwarfare attack aimed at Ukraine’s critical infrastructure and potentially allies’ assets. Specifically, Ukrainian officials said they expect Russia to launch “massive cyberattacks” in an effort to increase the impact of missile strikes on electrical facilities. Ukraine also alerted allies, particularly Poland and neighbouring allies, to expect an increase in distributed denial-of-service (DDoS) attacks.
The Akamai reality
Akamai’s CacheServe software processes more than 80 million DNS queries per second from around the world. That adds up to 7 trillion requests per day. The company’s Security Research team assesses an anonymized subset of the total number of DNS queries to identify potential threats before an attack.
The Akamai Security Research team applies a combination of heuristic analysis, phishing detection, and a domain generation algorithm (DGA) database to identify malicious NODs. The provider also tracks unresolved DNS queries (NXDOMAIN), because most of the domains that malware attempts to connect through are unregistered. The result is an outsized data set, but one that Akamai said is more representative of reality.
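The NOD definition and the NXDOMAIN tracking described above can be illustrated on a small query log. This is an added example, not Akamai's code: it assumes a domain counts as newly observed when no query for it was seen in the preceding 60 days, and the log records and .example names are constructed.

```python
from datetime import datetime, timedelta

WINDOW = timedelta(days=60)  # the 60-day window in Akamai's NOD definition

# Constructed sample log: (ISO timestamp, queried name, DNS response code)
SAMPLE_LOG = [
    ("2022-01-03T09:00:00", "intranet.example", "NOERROR"),
    ("2022-01-20T09:00:00", "intranet.example", "NOERROR"),
    ("2022-02-10T08:00:00", "Intranet.Example.", "NOERROR"),
    ("2022-02-10T08:01:00", "qzxkvbtrw.example", "NXDOMAIN"),
    ("2022-02-10T08:01:05", "pfjhmwzkq.example", "NXDOMAIN"),
    ("2022-02-10T08:02:00", "qzxkvbtrw.example", "NXDOMAIN"),
    ("2022-05-01T12:00:00", "intranet.example", "NOERROR"),
]

def find_nods(records, window=WINDOW):
    """Return (day, domain, rcode) for each query that makes a domain a NOD.

    Assumption: a domain is newly observed if it was never queried before
    or its previous query is more than `window` in the past.
    """
    last_seen = {}
    nods = []
    for ts_text, name, rcode in sorted(records):  # ISO strings sort by time
        ts = datetime.fromisoformat(ts_text)
        domain = name.rstrip(".").lower()  # DNS names are case-insensitive
        previous = last_seen.get(domain)
        if previous is None or ts - previous > window:
            nods.append((ts.date().isoformat(), domain, rcode))
        last_seen[domain] = ts  # every query refreshes the window
    return nods

def daily_summary(nods):
    """Map day -> (NOD count, NODs answered NXDOMAIN) to expose daily spikes."""
    summary = {}
    for day, _domain, rcode in nods:
        total, unresolved = summary.get(day, (0, 0))
        summary[day] = (total + 1, unresolved + (rcode == "NXDOMAIN"))
    return summary

if __name__ == "__main__":
    for day, (total, unresolved) in sorted(daily_summary(find_nods(SAMPLE_LOG)).items()):
        print(f"{day}: {total} NOD(s), {unresolved} unresolved (NXDOMAIN)")
```

A day on which the NOD count jumps and most of the new names are unresolved is the kind of signal that would then be passed to the heuristic, phishing and DGA checks.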