At the 2022 RSA Conference, Akamai Technologies released three research reports focusing on the most important areas of web security: ransomware, web applications and APIs, and DNS traffic.
By analyzing trillions of data points across multiple platforms, Akamai's research team uncovered new findings about the behavior of threat actors, drawn from traffic and popular attack techniques.
These three reports link the most prominent security trends and provide an accurate map of the modern attack landscape. The analysis of ransomware attack trends highlights risks and recommends mitigations, while the analysis of web application and API attack trends provides an overview of the infection vectors used by ransomware perpetrators and others.
The DNS analysis completes the picture with an overall view of attacks as seen through one of the most basic technologies on the internet.
The analysis, compiled by Akamai's team of cybersecurity experts, focuses on attack trends and techniques, and on solutions to address the most worrisome cybersecurity issues of modern times. Highlights of each report include:
Akamai Ransomware Threat Report: As Ransomware-as-a-Service (RaaS) attacks, including attacks from the Conti ransomware group, continue to increase, Akamai analyzes and discovers the most recent and effective components of ransomware attackers' methodologies, tools, and techniques. Here are the main findings:
Sixty percent of Conti's successful attacks are carried out against US companies, while another 30% occur in the European Union.
Analysis of the industries under attack highlights the risk of supply chain disruption, impacts to critical infrastructure, and supply chain cyberattacks.
Most of Conti's successful attacks targeted businesses with $10-250 million in revenue, suggesting that the "most successful" target range is small and medium-sized companies.
The group's tactics, techniques and procedures (TTPs) are well known, but they are still very effective, even if they are not used by other hackers. However, such attacks can also be prevented with proper mitigation.
In its documentation on hacking and hands-on propagation, Conti emphasizes that network defenders should focus not only on the encryption phase, but also on identifying the structure of the attack.
Akamai Web Application & API Threat Report: As of the first half of 2022, Akamai is observing a drastic increase in web application and API attacks globally, with more than nine billion attack attempts to date. Here are details of each of the key observations the company made:
Year-over-year web application attack attempts against customers increased by over 300% during H1, the largest increase Akamai has ever observed.
Local file inclusion (LFI) attacks have now overtaken SQL injection (SQLi) attacks as the most dominant WAAP attack vector, increasing by almost 400% year over year.
Trade was the most impacted sector, with 38% of new attack activity, while technology experienced the highest growth through 2022.
Akamai DNS Traffic Insights Threat Report: Based on research by Akamai researchers, who analyze more than 7 trillion DNS queries daily while proactively identifying and countering malware, phishing, ransomware and botnet threats, the main findings are:
More than 1 in 10 monitored devices communicated at least once with a domain related to malware, ransomware, phishing, or command and control (C2).
The phishing traffic shows that most victims are targeted by scams that abuse and impersonate the brands of technology and financial companies, which accounted for 31% and 32% of victims, respectively.
Based on research that analyzed more than 10,000 malicious JavaScript samples, representing threats such as malware droppers, phishing pages, scammers and cryptominer malware, at least 25% of the test samples used JavaScript obfuscation techniques to avoid being detected.
"This new report provides a detailed overview of some of the most worrying issues facing organizations today," said Ofri Ziv, Akamai Senior Director of Security Research.
"Thanks to Akamai's unbeatable visibility across most global threat landscapes, our research team is able to analyze and relate events that other groups rarely pay attention to. As threats continue to evolve, we hope that the community will understand the focus areas of threat actors and how to protect them from various new threats," he concluded.