Public awareness of cybercrime and its impact is at an all-time high as businesses and individuals alike deal with new waves of ever-more sophisticated malware attacks. Phishing scams, DDoS, IoT and ransomware attacks – all are making their presence felt in new and increasingly disruptive ways.
According to an extensive new study from Nominum, a CIRA partner and global leader in DNS-based security, cybercrime has reached unprecedented – and alarming – new levels in 2017.
Nominum's head of data science and security research, Yuriy Yuzifovich, recently joined CIRA's Mark Gaudet for a CIRA-sponsored webinar to discuss some of the key trends and findings contained in Nominum's Spring 2017 “Data Revelations” report. The report is the culmination of an in-depth analysis of the state of the cyber security landscape conducted by Yuriy and his data science team over the previous six months.
As Yuriy explains during the webinar, Nominum is uniquely positioned to conduct this type of analysis on the rapidly evolving domain of cybercrime. It has access to a vast data store of DNS queries – its servers process upwards of 100 billion DNS queries every day – and it continues to improve its DNS-based security algorithms so it can detect and neutralize new threats as quickly and effectively as possible.
Malicious queries are growing exponentially
Among the key findings outlined by Yuriy in the webinar is the rapid increase in malware queries seen over the first several months of 2017. As part of its research, Nominum conducted a comprehensive analysis of 15 trillion DNS queries to uncover domains hosting any form of malware, along with any DNS queries being made to these domains.
Its analysis revealed that the number of queries to malicious domains is growing exponentially. In fact, the average number of malicious queries per day increased by 404% over the previous twelve months.
During the month of February 2017, the median number of malicious queries per day was 101 million. The highest number of malicious queries measured during a single day, also recorded in February, was 217 million. By contrast, in the six-month period covered by Nominum's Fall 2016 Data Revelations report, there was not a single day during which 100 million or more queries to malicious domains were recorded.
In Q2 2017, median malicious queries grew to an all-time high of 101 million per day
While the number of queries to malicious domains is increasing, the number of new malicious domains is likewise growing, in part owing to the use of domain generation algorithms (DGA) by hackers. During the reporting period, monthly growth in the number of new domains hosting malware was 18%.
As Yuriy points out in the webinar, Nominum's data scientists attribute the growth in malicious domains and queries to several factors. The number of new threats is steadily growing as more and more hackers and cybercriminals continue to introduce new bots and malware at regular intervals; the commercialization of malware (such as the Locky strain of ransomware) is making it easier than ever before for hackers to launch successful attacks with minimal effort; and cybersecurity experts like Nominum are continuing to refine and improve the tools and methods they use to detect new types of malware.
Ransomware, Phishing, and PRSD attacks also on the rise
Growth in malicious domains and queries is only part of the story. Nominum also reports a significant upsurge in other types of cyberattacks, including ransomware attacks, phishing scams, and PRSD attacks.
Ransomware attacks, the first of these, have grown 270% since the release of Nominum's Fall 2016 report. This notable increase aligns with another important finding highlighted in the webinar: the largest proportion of all malware threats – 28 percent – is now motivated by financial theft, of which ransomware is the leading variety.
Types of attacks showing financial theft (including ransomware) being the leading reason at 28% of all types
Nominum's research also indicates significant growth in another form of DNS-related attack. Pseudo Random Subdomain (PRSD) attacks are a form of DDoS attack in which an attacker floods the DNS server with requests for multiple non-existent domains. The incidence of these types of attacks increased 68% in the first three months of 2017 over the previous three-month period.
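The flood of lookups for non-existent names described above leaves a recognizable trace in resolver logs: many distinct NXDOMAIN names under one parent zone in a short window. The sketch below is an added example, not Nominum's or CIRA's detection logic; the log format, function names and thresholds are assumptions, and the sample log is constructed.

```python
from collections import defaultdict

# Constructed sample resolver log: "<epoch> <client_ip> <qname> <rcode>"
SAMPLE_LOG = """\
1490000040 192.0.2.10 www.example.com NOERROR
1490000041 192.0.2.11 mail.example.com NOERROR
1490000041 192.0.2.12 ww.example.com NXDOMAIN
1490000042 198.51.100.5 k3j9x2qa.example.net NXDOMAIN
1490000042 198.51.100.6 p0zt7mvd.example.net NXDOMAIN
1490000043 198.51.100.5 a8rw1ynb.example.net NXDOMAIN
1490000043 198.51.100.7 q5hc6lse.example.net NXDOMAIN
1490000044 198.51.100.6 z2uf4gok.example.net NXDOMAIN
1490000044 198.51.100.8 m7de9ixt.example.net NXDOMAIN
1490000045 192.0.2.10 www.example.net NOERROR
"""

def parent_zone(qname, labels=2):
    """Naive parent-zone guess: the last `labels` labels (assumption; a
    production detector would consult the Public Suffix List)."""
    return ".".join(qname.rstrip(".").lower().split(".")[-labels:])

def parse(log_text):
    """Yield (timestamp, qname, rcode) tuples, skipping malformed lines."""
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) == 4 and fields[0].isdigit():
            yield int(fields[0]), fields[2].lower(), fields[3].upper()

def detect_prsd(log_text, window=60, min_unique_nx=5, min_nx_ratio=0.8):
    """Flag (zone, window_start) pairs where most queries are for distinct
    non-existent names under the same zone."""
    buckets = defaultdict(lambda: {"total": 0, "nx_names": set()})
    for ts, qname, rcode in parse(log_text):
        bucket = buckets[(parent_zone(qname), ts - ts % window)]
        bucket["total"] += 1
        if rcode == "NXDOMAIN":
            bucket["nx_names"].add(qname)
    flagged = {}
    for key, bucket in buckets.items():
        unique_nx = len(bucket["nx_names"])
        # A lone typo (ww.example.com) fails the count; a busy zone with a
        # few misses fails the ratio. PRSD traffic passes both.
        if unique_nx >= min_unique_nx and unique_nx / bucket["total"] >= min_nx_ratio:
            flagged[key] = {"unique_nx": unique_nx, "total": bucket["total"]}
    return flagged

if __name__ == "__main__":
    print(detect_prsd(SAMPLE_LOG))
```

The thresholds need tuning against a baseline of normal NXDOMAIN rates for the resolver in question before alerting on them.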
Conclusion - threats are growing and so too should defence in depth strategies
These are some of the key highlights from our joint webinar with Nominum, all of which point to a future where cyber threats continue to grow and evolve, giving hackers the weapons to launch increasingly effective attacks over time. These findings should also prompt businesses to re-examine their defenses against cybercrime to avoid potentially catastrophic consequences. This includes updating "defence in depth" strategies, where multiple layers of security are used to protect the core and to protect each other. These strategies should consider multiple solutions, from multiple vendors and with multiple source data feeds, to optimize protection.
If you would like a personalized webinar for your team, you can book a meeting with us here. To learn more about the findings from Nominum's Spring 2017 Data Revelations report, you can view the report in its entirety online.