Akamai has conducted research into command and control (C2) traffic to understand the prevalent threats in corporate and home networks. According to their findings, between 10% and 16% of organisations encountered C2 traffic within their networks in any given quarter. Such traffic may indicate malware attempting to communicate with an operator and is a potential sign of a breach.
26% of affected devices reached out to initial access broker (IAB) C2 domains, including Emotet- and Qakbot-related domains. Initial access brokers present a significant risk to organisations: their main role is to complete the initial breach and then sell that access on to cybercriminal groups or ransomware groups.
30% of affected organisations are within the manufacturing sector. The cybercriminals' predominant aim there is to disrupt services, which has a wider knock-on effect on many other organisations by disrupting supply chains.
DNS has been identified as a highway for attack traffic: ransomware groups and cybercriminals leverage DNS to facilitate the breach of networks and to move laterally within them. C2 can be used to facilitate an attack in progress, to download next-stage malware and other payloads, and to establish backdoor access. These transactions and this attack traffic often pass through the Domain Name System (DNS).
DNS is often seen merely as the interaction between users and websites; in fact, it can carry large amounts of malicious traffic and act as an important part of an attack's infrastructure.
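The passage above argues that C2 and exfiltration traffic frequently hides inside ordinary DNS queries. The script below is an added example, not code from Akamai or from this article, showing the kind of heuristic detection a defender can run over DNS query logs: it flags long or high-entropy leftmost labels (typical of encoded data), uncommon query types such as TXT and NULL, and clients that query an unusually large number of distinct subdomains under one base domain. The log format, the thresholds, and the sample log lines are all constructed assumptions for the example; the reserved `.test` and `example.com` names are used so that nothing resolves on a real network.

```python
import math
import re
from collections import defaultdict

# Constructed sample DNS query log; not from Akamai or any real network.
# Assumed line format: "<timestamp> <client_ip> <qtype> <qname>"
SAMPLE_LOG = """\
2024-03-01T10:00:01Z 10.0.0.12 A www.example.com
2024-03-01T10:00:02Z 10.0.0.12 AAAA mail.example.com
2024-03-01T10:00:03Z 10.0.0.12 A cdn.example.net
2024-03-01T10:00:04Z 10.0.0.12 TXT 4a7b9c2d1e3f5a6b7c8d9e0f1a2b3c4d.tunnel-example.test
2024-03-01T10:00:05Z 10.0.0.12 TXT 5b8c0d3e2f4a6b7c8d9e0f1a2b3c4d5e.tunnel-example.test
2024-03-01T10:00:06Z 10.0.0.12 TXT 6c9d1e4f3a5b7c8d9e0f1a2b3c4d5e6f.tunnel-example.test
2024-03-01T10:00:07Z 10.0.0.12 TXT 7d0e2f5a4b6c8d9e0f1a2b3c4d5e6f7a.tunnel-example.test
2024-03-01T10:00:08Z 10.0.0.12 TXT 8e1f3a6b5c7d9e0f1a2b3c4d5e6f7a8b.tunnel-example.test
2024-03-01T10:00:09Z 10.0.0.13 A www.example.com
"""

LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+(\S+)$")

# Thresholds are assumptions chosen for this example; tune them per environment.
ENTROPY_THRESHOLD = 3.5          # bits per character of the leftmost label
LABEL_LENGTH_THRESHOLD = 30      # characters in the leftmost label
UNIQUE_SUBDOMAIN_THRESHOLD = 4   # distinct names per (client, base domain)
SUSPICIOUS_QTYPES = {"TXT", "NULL"}  # record types often abused for tunnelling


def shannon_entropy(s):
    """Bits of entropy per character; encoded payloads score close to 4 for hex."""
    if not s:
        return 0.0
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def base_domain(qname):
    """Simplification: the last two labels are treated as the registrable domain.
    A real deployment should use the Public Suffix List (e.g. for co.uk)."""
    labels = qname.rstrip(".").split(".")
    return ".".join(labels[-2:])


def parse_log(text):
    """Parse the assumed log format into dicts; malformed lines are skipped."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts, client, qtype, qname = m.groups()
        records.append({"ts": ts, "client": client,
                        "qtype": qtype.upper(), "qname": qname.lower()})
    return records


def score_record(rec):
    """Return the list of reasons a single query looks like tunnelling/exfiltration."""
    reasons = []
    labels = rec["qname"].rstrip(".").split(".")
    left = labels[0]
    if len(labels) > 2:  # only score real subdomains, not bare base domains
        if len(left) >= LABEL_LENGTH_THRESHOLD:
            reasons.append("long label (%d chars)" % len(left))
        ent = shannon_entropy(left)
        if ent >= ENTROPY_THRESHOLD:
            reasons.append("high entropy (%.2f bits/char)" % ent)
    if rec["qtype"] in SUSPICIOUS_QTYPES:
        reasons.append("uncommon query type %s" % rec["qtype"])
    return reasons


def analyse(text):
    """Per-query alerts plus per-(client, base domain) volume alerts."""
    records = parse_log(text)
    record_alerts = []
    unique_names = defaultdict(set)
    for rec in records:
        reasons = score_record(rec)
        if reasons:
            record_alerts.append((rec["client"], rec["qname"], reasons))
        unique_names[(rec["client"], base_domain(rec["qname"]))].add(rec["qname"])
    # Many distinct names under one domain from one client is the volume signature
    # of data being chunked into subdomains, even when each label looks benign.
    domain_alerts = {key: len(names) for key, names in unique_names.items()
                     if len(names) >= UNIQUE_SUBDOMAIN_THRESHOLD}
    return {"record_alerts": record_alerts, "domain_alerts": domain_alerts}


if __name__ == "__main__":
    result = analyse(SAMPLE_LOG)
    for client, qname, reasons in result["record_alerts"]:
        print(client, qname, "; ".join(reasons))
    for (client, dom), count in result["domain_alerts"].items():
        print(client, dom, "%d distinct subdomains" % count)
```

Run stand-alone, the script flags the five TXT queries individually and also raises a volume alert for the constructed `tunnel-example.test` domain, while the ordinary A/AAAA lookups pass. In practice the per-label heuristics alone produce false positives (content-delivery hostnames and some cloud services legitimately use long hashed labels), which is why the per-domain volume count and the query type are combined with them rather than used in isolation; an allow-list of known CDN base domains is the usual next refinement.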
A Zero Trust mindset should be adopted, and we must consider where and how attacks can be disrupted and where to apply these principles. Zero Trust is a network security strategy based on the philosophy that no person or device, inside or outside an organisation's network, should be granted access to IT systems or workloads unless that access is explicitly deemed necessary. In short, it means zero implicit trust.
IT teams need to ensure that users and devices can safely connect to the internet, regardless of where the access request originates, without the complexity associated with legacy approaches. They also need to proactively identify, block, and mitigate targeted threats to users such as malware, ransomware, phishing, DNS data exfiltration, and advanced zero-day vulnerabilities. Zero Trust security can improve an organisation's security posture while reducing the risk from malware.