QSnatch infections are the leading cause of malicious DNS traffic in Asia Pacific, according to latest findings by Akamai
SINGAPORE, March 28, 2023 /PRNewswire/ -- Akamai Technologies, Inc. (NASDAQ: AKAM), the cloud company that powers and protects life online, today announced a new State of the Internet report that focuses on the threats to businesses and consumers in Asia Pacific caused by malicious Domain Name System (DNS) traffic.
Key findings from the Asia Pacific (APAC) report include:
Businesses increasingly threatened by DNS attacks
According to Akamai's data, between 10 percent and 16 percent of organizations globally encounter command and control (C2) traffic in their network in any given quarter. The presence of C2 traffic indicates the possibility of an attack in progress, or a breach, and threats range from information stealing botnets to Initial Access Brokers (IABs) who sell unauthorized access to breached networks to other cyber criminals.
In APAC, 15 percent of affected devices have reached out to known IAB C2 domains – such as Emotet – who conduct the initial breach before selling access to ransomware groups like Lockbit and other cybercriminal groups. The region also saw ransomware variants like Revil and Lockbit move into the top five types of C2 threats affecting devices across all organizations.
Network-attached storage devices are ripe for exploitation as they are less likely to be patched and they hold troves of valuable data. Akamai data shows almost 60 percent of affected devices in APAC were infected with Qsnatch - an infostealer malware targeting NAS devices - in 2022, making this region second only to North America in terms of number of infections. With a large concentration of data centers situated in APAC, as well as the popularity of NAS devices in the small an medium enterprises segment, these factors most likely increased the number of infections overall.
"As Asia Pacific continues to accelerate its evolution as a global hub for economic and digital transformation, it is thus no surprise that attackers continue to explore any way to attack enterprises for financial gain. Akamai's latest findings not only highlight the most prevalent attacks in each region, but also that multi-stage attacks have become a staple of the modern cyber landscape in our region. Threat Actors are finding increased success when they work together or when they can combine various tools in a single attack. A C2 infrastructure is pivotal in the success of these attacks as they can be used for communication as well as to facilitate downloading a payload and the next-stage malware to move the attack onward," explained Reuben Koh, Director of Security Technology and Strategy, APJ at Akamai.
"It is crucial that organizations stay ahead of bad actors because of the detrimental impact that multi-stage attacks can have on their businesses. More than the immediate impacts of direct financial loss, and loss of customer confidence and trust, there is also the long-term costs to recover compromised infrastructure, such as legal, reimbursement and clean-up costs," he continued.
Homeowners to be on high alert for DNS Attacks
According to Akamai's data, APAC had the highest number of queries flagged in relation to the home network threats in the second half of 2022. The region had twice the number as compared to North America – the second most region with flagged queries.
In APAC, more than 350 million queries related to Pykspa were observed, a threat that spreads through Skype by sending malicious links to the affected users' contacts. Its backdoor capabilities allow an attacker to connect to a remote system and execute arbitrary commands such as download files, terminate processes, and propagate through various means, including mapped drives and network shares.
Phishing campaigns are also actively targeting financial brands in APAC to lure in unsuspecting consumer phishing victims. Akamai's research found that over 40% of all phishing campaigns were focused on financial services customers, resulting in close to 70% of all victims suffering from finance-related phishing scams and attacks. This clearly indicates that attacks against financial services and their customers were highly effective in 2022.
"Beyond the personal consequences that home users face of potentially losing all their data when their networks are compromised, there are far more insidious consequences if their devices become part of a massive botnet with attackers mobilizing zombie devices to perform cybercriminal activities without the user's knowledge, like spamming and even launching DDoS attacks against organizations," said Reuben Koh, Director of Security Technology and Strategy, APJ at Akamai.
"It is unsurprising that we are seeing the rise of such attacks in our region, with Asia Pacific accounting for over 1.2 billion people accessing mobile internet services today1, and with IoT spending forecasted to reach $436 billion in 20262. The continuing increase in mobile and smart device use and adoption in the region is likely to foreshadow the increase in such attacks, which requires home users to be on high alert to avoid falling victim to cyberattacks," he continued.
Advice to business and home users
View original content:https://www.prnewswire.com/in/news-releases/qsnatch-infections-are-the-leading-cause-of-malicious-dns-traffic-in-asia-pacific-according-to-latest-findings-by-akamai-301782869.html