Akamai Reports Massive Spike in Malicious Domain Activity

Akamai reported today it identified nearly 79 million malicious domains in the first half of 2022, which collectively represent a little more than 20% of all the newly observed domains (NODs) accessed via its content delivery network (CDN) and other services the company provides.

That roughly equates to 13 million malicious domains per month, the report noted. Akamai researchers also noted a spike in activity beginning two weeks before Russia’s invasion of Ukraine: nearly 40,000 malicious NODs were identified per day, and the figure peaked at more than 250,000 unique malicious .ru domain names created per day in the second half of March.

Gregorio Ferreira, a data scientist for Akamai, said it’s difficult to assess just how many malicious domains there are in the world, but it’s apparent the web is increasingly being overwhelmed. On a typical day, Akamai researchers observed approximately 12 million NODs, of which slightly more than two million successfully resolved a DNS query.

Instances of Akamai CacheServe currently process more than 80 million DNS queries per second, or approximately seven trillion requests per day, from all over the world. Malicious actors often register thousands of domain names in bulk because if one or more of their domains are flagged and blocked, they can simply switch to one of the other domains they own. Most of those domain names are created programmatically using a domain generation algorithm (DGA). Many names in the NOD dataset look like names you’d never type into a browser window. Digits, for example, are often inserted into domain names to reduce the odds that an automatically generated domain has already been registered.
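The traits described above (digits mixed into the name, high character entropy, labels nobody would type) can be turned into a simple triage heuristic for a feed of newly observed domains. The following is an added example, not Akamai's NOD classifier; the sample domains are constructed under the reserved .example and .test suffixes, and the thresholds are illustrative assumptions rather than tuned values.

```python
import math
from collections import Counter

# Constructed sample of newly observed domain names (NODs). The .example and
# .test suffixes are reserved, so none of these are real indicators.
SAMPLE_NODS = [
    "news.example",
    "mail.example",
    "x7q9k2zp.example",
    "a1b2c3d4e5f6.test",
    "qwzxkrtvlp.example",
    "shop-online.example",
]

def shannon_entropy(s: str) -> float:
    """Bits of entropy per character of s (0.0 for an empty string)."""
    if not s:
        return 0.0
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())

def registrable_label(domain: str) -> str:
    """Second-level label, e.g. 'x7q9k2zp' for 'x7q9k2zp.example'.
    Assumption: a single-label public suffix; a real deployment would consult
    the Public Suffix List to handle multi-label suffixes such as co.uk."""
    parts = domain.lower().rstrip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]

def dga_score(domain: str) -> float:
    """Heuristic score from 0.0 to 3.0; higher looks more machine-generated.
    Each trait contributes one point. No single trait is conclusive (a long
    legitimate name can have high entropy), so the combination is what counts."""
    label = registrable_label(domain)
    if not label:
        return 0.0
    digit_ratio = sum(ch.isdigit() for ch in label) / len(label)
    vowel_ratio = sum(ch in "aeiou" for ch in label) / len(label)
    score = 0.0
    if digit_ratio >= 0.25:          # digits inserted to dodge collisions
        score += 1.0
    if shannon_entropy(label) >= 3.0: # near-uniform character mix
        score += 1.0
    if vowel_ratio < 0.2:            # unpronounceable, not meant to be typed
        score += 1.0
    return score

def flag_suspicious(domains, threshold: float = 2.0):
    """Return the domains whose heuristic score meets the threshold."""
    return [d for d in domains if dga_score(d) >= threshold]
```

Run `flag_suspicious(SAMPLE_NODS)` to see which of the constructed names cross the threshold; in practice such a score is a triage signal to prioritise resolution and reputation checks, not a block decision on its own.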

It’s not clear how all these malicious NODs will be operationalized, but it’s apparent that the scale at which malicious domains are created is part of a larger, unprecedented cyberwarfare strategy. While the number of malicious NODs being created is going to be a major concern for governments around the world, it’s usually businesses that wind up suffering the most collateral damage. The days when organizations could rely solely on a firewall and endpoint protection software to protect themselves from malware are over. Not only are cybercriminals working in cahoots with nation-state allies to create more malware than ever, but the sophistication of that malware in terms of its lethality is also steadily increasing.

Akamai is now committing significant resources to applying data science to combat this threat by identifying malicious NODs, said Ferreira. That effort will soon be expanded to include applying machine learning algorithms to the problem, Ferreira added.

It’s too early to say whether the large number of newly created malicious domains is indeed part of a larger cyberwarfare strategy, but malicious actors are not going to the trouble of creating them for strictly defensive purposes. As such, cybersecurity professionals should assume it’s only a matter of time before those domains are operationalized at much higher levels of scale than ever seen before.

Michael Vizard

Mike Vizard is a seasoned IT journalist with over 25 years of experience. He also contributed to IT Business Edge, Channel Insider, Baseline and a variety of other IT titles. Previously, Vizard was the editorial director for Ziff-Davis Enterprise as well as Editor-in-Chief for CRN and InfoWorld.