Akamai Technologies, Inc. presented three new research reports at the RSA Conference 2022. The reports focus on three of the most critical areas of web security: ransomware, web applications and APIs, and DNS traffic.
For this research, Akamai analysed trillions of data points across its platforms and uncovered new findings on threat actor behaviour via popular attack traffic and techniques. The three reports link the most prominent security trends and paint an accurate map of the modern attack landscape. An up-to-date analysis of ransomware attack trends highlights the risks and suggests mitigation, while an analysis of Web app and API attack trends offers a fresh look at the infection vectors used by ransomware operators and others. An analysis of DNS complements the reports with a view of overall attacks analyzed via one of the internet's most foundational technologies.
The Akamai Ransomware Threat Report found that 60 per cent of successful Conti attacks were conducted on United States companies, while 30 per cent occurred in the European Union. The analysis of the industries attacked highlights the risk of supply chain disruption, critical infrastructure impact, and supply chain cyberattacks. Most successful Conti attacks target businesses with USD 10-250 million in revenue, indicating a “goldilocks” range of successful attack targets among medium and small businesses. The gang’s tactics, techniques, and procedures (TTPs) are well-known, but highly effective – a sobering reminder of the arsenal that is at the disposal of other hackers, but also that these attacks can be prevented with the right mitigation. Conti’s emphasis in their documentation on hacking and hands-on propagation, rather than encryption, should drive network defenders to focus on those parts of the kill chain as well, instead of focusing on the encryption phase.
The Akamai Web Application & API Threat Report revealed that web application attack attempts against customers grew by more than 300 per cent year over year in H1, the largest increase Akamai has ever observed. LFI attacks surpassed SQLi attacks as the most predominant WAAP attack vector, increasing by nearly 400 per cent year over year. The study also found that ‘commerce’ is the most impacted vertical, accounting for 38 per cent of recent attack activity, while technology has seen the most growth so far in 2022.
Meanwhile, the Akamai DNS Traffic Insights Threat Report found that more than 1 in 10 monitored devices communicated at least once with domains associated with malware, ransomware, phishing or command and control (C2). Phishing traffic showed that most victims were targeted by scams that abused and mimicked technology and financial brands, which affected 31 per cent and 32 per cent of the victims, respectively. According to research that analyzed more than 10,000 malicious JavaScript samples — representing threats like malware droppers, phishing pages, scammers and cryptominers’ malware — at least 25 per cent of the examined samples used JavaScript obfuscation techniques to evade detection.
“These new reports offer a detailed look into some of the most pressing security issues facing organizations today,” said Ofri Ziv, Akamai's Senior Director of Security Research. “Akamai’s unparalleled visibility across much of the global threat landscape allows our researchers to analyze and correlate events that are seldom seen by other groups. We hope to help the community understand where threat actors are focused and how to better protect themselves from new threats as these threats continue to evolve.”