SoylentNews is people

posted by janrinok on Saturday October 01 2022, @09:43AM

The web gains 13 million malicious new domains per month:

Akamai reckons that, in the first half of 2022 alone, it flagged nearly 79 million newly observed domains (NODs) as malicious.

According to the internet infrastructure giant, that amounts to 13 million malicious domain detections per month, equal to 20 percent of all successfully resolving NODs.

For Akamai's purposes, a NOD is any domain that has been queried for the very first time in the past 60 days. And by malicious, it means a domain name that resolves to a destination that's intended to phish, spread or control malware, or cause some other online harm.

"[The NOD dataset] is where you find freshly registered domain names, typos, and domains that are only very rarely queried on a global scale," Akamai said. That list grows by approximately 12 million NODs per day, we're told, far more than a reasonable team of humans could hope to scan.

Akamai's methods of determining which domains are malicious or not are pretty straightforward. For one approach, it looks at a list of known domain generation algorithms (DGAs) that, with help credited to the greater cybersecurity community, Akamai was able to build into a 30-year predictive list it can use to identify DGA-registered domains.

DGA domains are often used by cybercriminals to share malware, host phishing pages, and the like, as they can be registered in bulk for even short-lived campaigns. The idea being that if you need a bunch of random-looking domain names from which to launch attacks, run botnet command-and-control servers, or host malicious pages, you don't want those domains to be easily guessed and blocked by, say, network security filters. So you have an algorithm that generates a deterministic series of domains, registers them, and your malware or phishing operation out in the wild can predict the domains they need to use at a given moment and connect to them.

[...] Akamai claims it only had a 0.00042 percent false positive rate among the 79 million malicious NODs it detected in the first half of the year.
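
The predictive-list approach described above, as an added sketch that is not code from the article or from Akamai: because a DGA is deterministic, a defender who knows the algorithm can precompute its output for a date window and match newly observed domains against it. The generator `toy_dga`, its seed and the sample queries are constructed for illustration and do not correspond to any real malware family.

```python
import hashlib
from datetime import date, timedelta

SEED = b"constructed-family-seed"  # hypothetical seed, not from a real family
TLDS = ("com", "net", "org")

def toy_dga(day, count=5):
    """Constructed date-seeded generator: same seed and day give the same domains."""
    domains = []
    for i in range(count):
        digest = hashlib.sha256(SEED + day.isoformat().encode() + bytes([i])).digest()
        # Map the first 12 digest bytes to letters to form the label.
        label = "".join(chr(ord("a") + b % 26) for b in digest[:12])
        domains.append(f"{label}.{TLDS[digest[12] % len(TLDS)]}")
    return domains

def predictive_list(start, days, count=5):
    """Precompute domain -> first predicted activation date for a window."""
    table = {}
    for offset in range(days):
        day = start + timedelta(days=offset)
        for domain in toy_dga(day, count):
            table.setdefault(domain, day)
    return table

def flag_nods(nods, table):
    """Return (domain, predicted_date) for observed names found in the list."""
    hits = []
    for name in nods:
        # DNS names are case-insensitive and may carry a trailing root dot.
        key = name.strip().lower().rstrip(".")
        if key in table:
            hits.append((key, table[key]))
    return hits

if __name__ == "__main__":
    table = predictive_list(date(2022, 9, 15), days=30)
    # Constructed sample of newly observed domains: two benign, one generated.
    observed = ["example.com", toy_dga(date(2022, 10, 1))[2].upper() + ".",
                "soylentnews.org"]
    for domain, day in flag_nods(observed, table):
        print(f"{domain} matches predicted DGA output for {day}")
```

Matching against a precomputed list only covers generators whose algorithm and seed are already known; the rule-based heuristics quoted in the comments below are a separate method.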


This discussion was created by janrinok (52) for logged-in users only, but now has been archived. No new comments can be posted.
  • (Score: 1, Interesting) by Anonymous Coward on Saturday October 01 2022, @11:57AM

    by Anonymous Coward on Saturday October 01 2022, @11:57AM (#1274441)

    From the Akamai link:

    > How do we know a rule doesn’t create false positive results? The team’s experience plays a big part here. Throughout the years, the rules have certainly caused a fair number of false positives. We have a reporting mechanism in place for our customers so any errors can be analyzed and dealt with quickly.
    >
    > In the first half of 2022, of the 79 million flagged domains resulting from the heuristic analysis, we later found 329 false positives. This amounts to a false discovery rate of 0.00042%.

    Has anyone had a domain swept up in this?

  • (Score: -1, Spam) by Anonymous Coward on Saturday October 01 2022, @05:18PM (2 children)

    by Anonymous Coward on Saturday October 01 2022, @05:18PM (#1274478)

    1/3 of those domains belongs to a dead guy. Graeci delenda est.

    • (Score: 0, Spam) by moquant on Saturday October 01 2022, @11:20PM (1 child)

      by moquant (18624) on Saturday October 01 2022, @11:20PM (#1274508)

      Seems most of them are aristarchus domains.

      Fugax expiratus

      • (Score: 0) by Anonymous Coward on Sunday October 02 2022, @07:24AM

        by Anonymous Coward on Sunday October 02 2022, @07:24AM (#1274552)

        In all seriousness I can't tell if this is sarcasm, humor or something else

  • (Score: 1, Touché) by Anonymous Coward on Saturday October 01 2022, @05:55PM (1 child)

    by Anonymous Coward on Saturday October 01 2022, @05:55PM (#1274480)

    How many of them hosted porn? Asking for a friend ...

    • (Score: 1, Interesting) by Anonymous Coward on Sunday October 02 2022, @07:20AM

      by Anonymous Coward on Sunday October 02 2022, @07:20AM (#1274551)

      Looking at the domains loaded by streaming video services a lot of them are probably temp domains for this purpose
