Q2 2017 Akamai State Of The Internet / Security Report Analyzes Re-Emergence Of PBot Malware; Domain Generation … – PR Newswire (press release)

admin on August 25, 2017 Leave a Comment

In the case of PBot, malicious actors used decades-old PHP code to generate the largest DDoS attack observed by Akamai in the second quarter. Attackers were able to create a mini-DDoS botnet capable of launching a 75 gigabits per second (Gbps) DDoS attack. Interestingly, the Pbot botnet was comprised of a relatively small 400 nodes, yet still able to generate a significant level of attack traffic.

Another entry on the "everything old is new again" list is represented by the Akamai Enterprise Threat Research Team's analysis of the use of Domain Generation Algorithms (DGA) in malware Command and Control (C2) infrastructure. Although first introduced with the Conficker worm in 2008, DGA has remained a frequently used communication technique for today's malware. The team found that infected networks generated approximately 15 times the DNS lookup rate of a clean network. This can be explained as the outcome of access to randomly generated domains by the malware on the infected networks. Since most of the generated domains were not registered, trying to access all of them created a lot of noise. Analyzing the difference between behavioral characteristics of infected versus clean networks is one important way of identifying malware activity.

When the Mirai botnet was discovered last September, Akamai was one of its first targets. The company's platform continued to receive and successfully defended against attacks from the Mirai botnet thereafter. Akamai researchers have used the company's unique visibility into Mirai to study different aspects of the botnet, most specifically in the second quarter, its C2 infrastructure. Akamai research offers a strong indication that Mirai, like many other botnets, is now contributing to the commoditization of DDoS. While many of the botnet's C2 nodes were observed conducting "dedicated attacks" against select IPs, even more were noted as participating in what would be considered "pay-for-play" attacks. In these situations, Mirai C2 nodes were observed attacking IPs for a short duration, going inactive and then re-emerging to attack different targets.

"Attackers are constantly probing for weaknesses in the defenses of enterprises, and the more common, the more effective a vulnerability is, the more energy and resources hackers will devote to it," said Martin McKeay, Akamai senior security advocate. "Events like the Mirai botnet, the exploitation used by WannaCry and Petya, the continued rise of SQLi attacks and the re-emergence of PBot all illustrate how attackers will not only migrate to new tools but also return to old tools that have previously proven highly effective."

By the Numbers:

Other key findings from the report include:

A complimentary copy of the Q2 2017 State of the Internet / Security Report is available for download at http://akamai.me/2i9vrdz. Download individual charts and graphs, including associated at http://akamai.me/2w6mI1v.

MethodologyThe Akamai Second Quarter, 2017 State of the Internet / Security Report combines attack data from across Akamai's global infrastructure and represents the research of a diverse set of teams throughout the company. The report provides analysis of the current cloud security and threat landscape, as well as insight into attack trends using data gathered from the Akamai Intelligent Platform. The contributors to the State of the Internet / Security Report include security professionals from across Akamai, including the Security Intelligence Response Team (SIRT), the Threat Research Unit, Information Security, and the Custom Analytics group.

About AkamaiAs the world's largest and most trusted cloud delivery platform, Akamai makes it easier for its customers to provide the best and most secure digital experiences on any device, anytime, anywhere. Akamai's massively distributed platform is unparalleled in scale with over 200,000 servers across 130 countries, giving customers superior performance and threat protection. Akamai's portfolio of web and mobile performance, cloud security, enterprise access, and video delivery solutions are supported by exceptional customer service and 24/7 monitoring. To learn why the top financial institutions, e-commerce leaders, media & entertainment providers, and government organizations trust Akamai please visit http://www.akamai.com, blogs.akamai.com, or @Akamai on Twitter.

View original content with multimedia:http://www.prnewswire.com/news-releases/q2-2017-akamai-state-of-the-internet--security-report-analyzes-re-emergence-of-pbot-malware-domain-generation-algorithms-relationship-between-mirai-command--control-and-attack-targets-300507459.html

SOURCE Akamai Technologies, Inc.

http://www.akamai.com

Originally posted here:
Q2 2017 Akamai State Of The Internet / Security Report Analyzes Re-Emergence Of PBot Malware; Domain Generation ... - PR Newswire (press release)

Related Posts
Posted in Internet Security

Comments are closed.