Site icon TechNewsBoy.com

Criminals are registering millions of malware-spreading domains every month

Scott Marlette

Every month, cybercriminals register roughly 13 million domains to be used to host and distribute malware (opens in new tab), in phishing campaigns, or otherwise malicious activities.

This is according to cybersecurity researchers at Akamai, which claims to have flagged some 79 million brand new, malicious domains in the first half of 2022 alone. 

Not only is that some 13 million domains a month, but a fifth (20%) of all successfully resolving new domains seem to be malicious. 

Analyzing the data

Outlining its research, Akamai said it looked, first and foremost, at a dataset of domains that were queried for the first time, in the last 60 days. This dataset, the company explains, “is where you find freshly registered domain names, typos, and domains that are only very rarely queried on a global scale.” 

Given the size of new domains, and the speed at which new ones are being generated, Akamai could not possibly analyze each one manually. Instead, it took multiple approaches, one being cross-checking new domains with a list of known domain generation algorithms that Akamai built (together with the cybersecurity community) into a 30-year predictive list. 

Besides, Akamai used “more than 190 NOD-specific detection rules,” and credits most of its detections to these rules. Allegedly, its false positive rate for the 79 million domains analyzed was 0.00042%. 

“We also found that from the names that we were able to find, more than 99.9 percent had a ‘reputation’ of 0, which means these had not yet been tagged as either benign or malicious,” Akamai said.

To conclude, the company said that a multifaceted approach is needed, as one method alone will not be able to properly determine malicious domains with precision.

“This demonstrates the need for a multifaceted approach so we get the best of both systems,” said Stijn Tilborghs and Gregorio Ferreira of Akamai. “The NOD dataset provides a lot of complementary value, since there is only a very small overlap between its output and other major threat intelligence feeds.” 
  • These are the best ways to protect from ransomware (opens in new tab) today

Via: The Register (opens in new tab)

For all the latest Technology News Click Here 

 For the latest news and updates, follow us on Google News

Read original article here

Denial of responsibility! TechNewsBoy.com is an automatic aggregator around the global media. All the content are available free on Internet. We have just arranged it in one platform for educational purpose only. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials on our website, please contact us by email – abuse@technewsboy.com. The content will be deleted within 24 hours.
Exit mobile version