The Web Gains 13 Million Malicious New Domains Per Month

by janrinok from SoylentNews on (#648Y4)

upstart writes:

The web gains 13 million malicious new domains per month:

Akamai reckons that, in the first half of 2022 alone, it flagged nearly 79 million newly observed domains (NODs) as malicious.

According to the internet infrastructure giant, that amounts to 13 million malicious domain detections per month, equal to 20 percent of all successfully resolving NODs.

For Akamai's purposes, a NOD is any domain that has been queried for the very first time in the past 60 days. And by malicious, it means a domain name that resolves to a destination that's intended to phish, spread or control malware, or cause some other online harm.

"[The NOD dataset] is where you find freshly registered domain names, typos, and domains that are only very rarely queried on a global scale," Akamai said. That list grows by approximately 12 million NODs per day, we're told, far more than a reasonable team of humans could hope to scan.

Akamai's methods of determining which domains are malicious or not are pretty straightforward. For one approach, it looks at a list of known domain generation algorithms (DGAs) that, with help credited to the greater cybersecurity community, Akamai was able to build into a 30-year predictive list it can use to identify DGA-registered domains.

DGA domains are often used by cybercriminals to share malware, host phishing pages, and the like, as they can be registered in bulk for even short-lived campaigns. The idea being that if you need a bunch of random-looking domain names from which to launch attacks, run botnet command-and-control servers, or host malicious pages, you don't want those domains to be easily guessed and blocked by, say, network security filters. So you have an algorithm that generates a deterministic series of domains, registers them, and your malware or phishing operation out in the wild can predict the domains they need to use at a given moment and connect to them.

[...] Akamai claims it only had a 0.00042 percent false positive rate among the 79 million malicious NODs it detected in the first half of the year.
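The predictive-list approach described above, as an added example that is not code from the article or from Akamai: a constructed toy DGA is precomputed over a date window and newly observed domains are matched against the result. The hashing scheme, the seeds, the `family-*` names and the `.example` TLD are assumptions made for illustration.

```python
import hashlib
from datetime import date, timedelta

def toy_dga(seed, day, count=5, tld="example"):
    """Constructed stand-in for a known DGA: output depends only on (seed, day)."""
    domains = []
    for i in range(count):
        digest = hashlib.sha256(f"{seed}|{day.isoformat()}|{i}".encode()).hexdigest()
        label = "".join(chr(ord("a") + int(c, 16)) for c in digest[:12])  # letters a-p
        domains.append(f"{label}.{tld}")
    return domains

def build_predictive_list(seeds, start, days):
    """Precompute every domain each family will use in the window: domain -> (family, day)."""
    predicted = {}
    for family, seed in seeds.items():
        for offset in range(days):
            day = start + timedelta(days=offset)
            for domain in toy_dga(seed, day):
                predicted[domain] = (family, day)
    return predicted

def registrable(name):
    """Normalise a queried name and keep its last two labels.
    Assumption: single-label TLDs only; real data needs the Public Suffix List."""
    labels = name.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])

def match_nods(nods, predicted):
    """Return (domain, family, day) for each newly observed domain on the list."""
    hits = []
    for name in nods:
        domain = registrable(name)
        if domain in predicted:
            hits.append((domain, *predicted[domain]))
    return hits

if __name__ == "__main__":
    seeds = {"family-a": "seed-a", "family-b": "seed-b"}  # hypothetical families
    predicted = build_predictive_list(seeds, date(2022, 6, 1), days=30)
    # Constructed NOD feed: one predicted name (as a subdomain query) and one benign name.
    nods = ["www." + toy_dga("seed-a", date(2022, 6, 15))[2].upper() + ".", "intranet.example"]
    for domain, family, day in match_nods(nods, predicted):
        print(f"{domain} predicted for {family} on {day}")
```

Because the generator is deterministic, a hit also tells the analyst which family and which calendar day the name belongs to, which helps scope an investigation.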
