Akamai flags prevalence of malware on corporate networks

Up to 16% of organisations have exhibited signs of a possible data breach in the last year, claims Akamai.

It is one of several findings from its latest State of the Internet report, published on Tuesday. The cloud, CDN and cybersecurity specialist tracks nearly 7 trillion domain name system (DNS) requests per day, looking for malicious traffic that could be malware, phishing or a command control (C2) attack.

Keeping tabs on all this activity means it can spot when something’s not quite right. Akamai said 10-16% of organisations on its radar showed symptoms of a C2 attack in 2022, which is when compromised corporate computers are controlled by commands sent from the hacker’s own server. A successful attack can turn networked PCs into a botnet army that can be used for spreading malware, stealing data or conducting distributed denial of service (DDOS) attacks on Websites and cloud-based services.

The most prevalent virus families for C2 attacks include QSnatch, which targets network-attached storage (NAS) devices for the purposes of stealing and/or modifying data. It accounted for almost a third of infected devices in EMEA last year. Another popular choice is Emotet, which infiltrates a network and is then used to download and install additional viruses that can steal data and install ransomware. Then there is Ramnit, a trojan spread by phishing attacks that goes after online banking credentials.

Meanwhile, mobile malware was also in rude health in 2022. One particular example, FluBot, propagates by sending SMS messages to the victim’s entire contact book in their local language. According to Akamai, in 2022, 193 million devices were infected by FluBot in EMEA alone. Once installed, the malware attempts to scrape debit and credit card information which can be sold to other criminals or used to steal money directly from the victim.

“This new report shows the massive range of cybercrime in the modern threat landscape,” said Steve Winterfeld, advisory CISO at Akamai, in a statement. “Attackers are unfortunately finding success when they leverage as-a-service hacking tools and are able to combine various tools in a single integrated multi-stage attack.”

It’s not all doom and gloom though. A separate report from Kaspersky in late February showed that the number of detected malicious installation packages – little viruses that download and install various malware – is on the wane.

The cybersecurity firm detected 1.7 million unwanted software installers in 2022, down from 3.5 million in 2021. In 2020 – when hackers capitalised on government efforts to update the populace with the latest Covid-related advice – that figure stood at 5.7 million.

In addition, while the number of mobile banking trojan installers increased 100% year-on-year in 2022 to 196,476, the number of successful attacks fell, said Kaspersky. Furthermore, the number of mobile ransomware trojans installers fell to 10,543 last year, 6,829 fewer than in 2021.

Obviously that doesn’t mean we can all relax and open strange email attachments, or click on any old link that comes our way.

“Despite the decline in overall malware installers, the continued growth of mobile banking trojans is a clear indication that cybercriminals are focusing on financial gain,” said Kaspersky security expert Tatyana Shishkova. “As our lives increasingly revolve around mobile devices, it’s more important than ever for users to remain vigilant against mobile threats and take the necessary steps to protect themselves.”

Get the latest news straight to your inbox. Register for the Telecoms.com newsletter here.