Get updated on ransomware/API threats, as well as malicious trends in DNS traffic such as phishing, malware, crypto mining and scamming
In analyzing trillions of data points across its multiple platforms, an American content delivery network, cybersecurity and cloud services firm has released three separate reports on web security threats across ransomware, web applications and APIs, and DNS traffic.
The analysis centers around attack trends and techniques and addresses today’s most pressing cybersecurity issues.
Highlights from each report are as follows:
- Ransomware threats
With the rise of Ransomware-as-a-Service (RaaS) attacks, including those by the Conti threat group, key findings include:
- 60% of successful Conti attacks in the firm’s networks had been conducted on US firms, while 30% had occurred in the European Union, causing possible disruptions to supply chains and critical infrastructure
- Most of the successful Conti attacks analyzed had targeted businesses with US$10–250m in revenue, possibly indicating a range of successful attack targets among small and medium-sized enterprises
- Conti’s tactics, techniques, and procedures are well-known but highly effective and remain at the disposal of other hackers. However, such attacks can be prevented with the right mitigation measures
- Conti’s emphasis in their documentation on hacking and hands-on propagation rather than encryption should drive network defenders to focus on those parts of the kill chain instead of focusing on the encryption phase
- Web application and API threats
Through the first half of 2022, significant increases in web application and API attacks had been observed in the firm’s networks across the globe, with more than 9bn attack attempts to date.
- Web application attack attempts against customers had grown by more than 300% year on year in H1 2022, the largest increase ever observed in the firm’s networks
- Local File Inclusion attacks have surpassed SQL injection attacks as the most predominant web application and API protection (WAAP) attack vector in the firm’s networks, increasing by nearly 400% year on year
- Commerce was the most impacted vertical, accounting for 38% of recent attack activity in the firm’s analyses, while attacks on technology have seen the most growth in 2022 metrics
- DNS traffic threats
Analyzing more than 7tn DNS queries per day and proactively identifying and blocking threats such as malware, ransomware, phishing and botnets, the researchers found:
- More than one in 10 monitored devices communicated at least once with domains associated with malware, ransomware, phishing or command and control
- Phishing traffic showed that most victims had been targeted by scams that abused and mimicked technology and financial brands, which affected 31% and 32% of victims respectively, in the firm’s networks
- According to analyses of more than 10,000 malicious JavaScript samples (representing threats such as malware droppers, phishing pages, scammers and cryptominers’ malware), at least 25% of the examined samples were using JavaScript obfuscation techniques to evade detection
According to Ofri Ziv, Senior Director of Security Research, Akamai Technologies Inc, which commissioned the three reports: “These new reports offer a detailed look into some of the most pressing security issues facing organizations today (and) analyze and correlate events that are seldom seen by other groups. We hope to help the community understand where threat actors are focused and how to better protect themselves from new (continually evolving cyber) threats.”