"DNS Data Shows One in 10 Organizations Have Malware Traffic on Their Networks"

During every quarter last year, between 10% and 16% of organizations had DNS traffic originating on their networks toward command-and-control (C2) servers associated with known botnets and other malware, according to a new report by security researchers at Akamai. More than a quarter of that traffic went to servers belonging to initial access brokers, attackers who sell access into corporate networks to other cybercriminals. Akamai operates a large DNS infrastructure for its global CDN and its other cloud and security services, and observes up to seven trillion DNS requests per day. Because a DNS query attempts to resolve a domain name to an IP address, Akamai can map requests originating from corporate networks or home users to known malicious domains, including those that host phishing pages, serve malware, or are used for C2. According to the data, between 9% and 13% of all devices Akamai saw making DNS requests in a given quarter tried to reach a malware-serving domain, between 4% and 6% tried to resolve known phishing domains, and between 0.7% and 1% tried to resolve C2 domains. Based on the DNS data, more than 30% of the analyzed organizations with malicious C2 traffic are in the manufacturing sector, followed by business services (15%), high technology (14%), and commerce (12%). The top two verticals in the DNS data, manufacturing and business services, also match the industries hit hardest by Conti ransomware.
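The mapping described above (DNS queries from an organization's devices matched against categorized lists of known phishing, malware and C2 domains, then counted per device) can be reproduced at a single-resolver scale from ordinary query logs. The following is an added example, not code from Akamai or from the CSO article. The threat feed, the log format (timestamp, client IP, query type, query name) and every domain and address in it are constructed for illustration; the domains use reserved `.test` and `.example` names so nothing resolves to a real host. Matching is label-aligned, so a query for a subdomain of a listed domain is flagged while a name that merely ends in the same characters is not. A hit means a device attempted to resolve a listed name, which is an indicator worth triage, not proof of a successful infection.

```python
"""Match DNS query logs against categorised threat-intel domain lists and
report the share of devices that queried each category.

All data below is constructed for the example: the feed, the log lines and
the log format (timestamp client_ip qtype qname) are hypothetical. Real
resolver logs (BIND, Unbound, Windows DNS, Route 53 query logs) differ in
layout, so parse_log() is the part to adapt.
"""
from collections import defaultdict

# Hypothetical threat-intel feed: domain -> category. A real deployment would
# load a vendor or open-source blocklist here instead of a literal dict.
THREAT_DOMAINS = {
    "c2.badbot.test": "c2",
    "update-check.badbot.test": "c2",
    "login-secure-bank.example": "phishing",
    "cdn-dl.malware-host.test": "malware",
}

# Constructed sample log. Note the trailing dot and mixed case on one query,
# a subdomain of a listed C2 name, and a look-alike name (xc2.badbot.test)
# that a naive string suffix check would wrongly flag.
SAMPLE_LOG = """\
2023-03-01T10:00:01Z 10.0.0.5 A www.vendor.example
2023-03-01T10:00:02Z 10.0.0.5 A beacon.c2.badbot.test
2023-03-01T10:00:03Z 10.0.0.7 A login-secure-bank.example
2023-03-01T10:00:04Z 10.0.0.9 AAAA cdn-dl.malware-host.test
2023-03-01T10:00:05Z 10.0.0.9 A C2.BADBOT.TEST.
2023-03-01T10:00:06Z 10.0.0.11 A intranet.corp.example
2023-03-01T10:00:07Z 10.0.0.12 A xc2.badbot.test
"""


def normalize(qname):
    """Canonicalise a query name: strip the root dot, lower-case labels."""
    return qname.rstrip(".").lower()


def classify(qname, feed=THREAT_DOMAINS):
    """Return the feed category for qname or any of its parent domains.

    Matching walks the label boundaries, so 'beacon.c2.badbot.test' matches
    the listed 'c2.badbot.test' but 'xc2.badbot.test' does not.
    """
    labels = normalize(qname).split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in feed:
            return feed[candidate]
    return None


def parse_log(text):
    """Yield (client_ip, qname) pairs from the constructed log format."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed or comment lines
        _timestamp, client, _qtype, qname = parts
        yield client, qname


def find_hits(text, feed=THREAT_DOMAINS):
    """Return (client_ip, normalised qname, category) for every flagged query."""
    hits = []
    for client, qname in parse_log(text):
        category = classify(qname, feed)
        if category is not None:
            hits.append((client, normalize(qname), category))
    return hits


def summarize_devices(text, feed=THREAT_DOMAINS):
    """Return ({category: (device_count, percent_of_devices)}, total_devices).

    A device is counted once per category no matter how many queries it made,
    which is the per-device view the report uses.
    """
    devices = set()
    by_category = defaultdict(set)
    for client, qname in parse_log(text):
        devices.add(client)
        category = classify(qname, feed)
        if category is not None:
            by_category[category].add(client)
    total = len(devices)
    report = {
        cat: (len(clients), round(100.0 * len(clients) / total, 1))
        for cat, clients in by_category.items()
    }
    return report, total


if __name__ == "__main__":
    for client, qname, category in find_hits(SAMPLE_LOG):
        print(f"{client:12} {category:9} {qname}")
    report, total = summarize_devices(SAMPLE_LOG)
    for category, (count, pct) in sorted(report.items()):
        print(f"{category}: {count}/{total} devices ({pct}%)")
```

To run this against real data, replace `SAMPLE_LOG` with the resolver's query log and `THREAT_DOMAINS` with a feed that carries a category per entry; the per-device aggregation is what turns raw query counts into the kind of "share of devices that tried to reach a C2 domain" figure the report quotes.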
CSO reports: "DNS Data Shows One in 10 Organizations Have Malware Traffic on Their Networks"