Akamai Technologies has launched a new State of the Internet report on malicious Domain Name System (DNS) traffic. The report, Attack Superhighway: A Deep Dive on Malicious DNS Traffic, looks into attacks that present a major threat to both enterprises and home users.
On the consumer side, the data demonstrates an outbreak of information-stealing malware targeting people via their personal devices in EMEA. In particular, the Android mobile malware FluBot has been spreading like wildfire throughout the region, with 193 million queries flagged. This threat propagates itself through SMS messages sent out to the full contact list of the victim in their local language. This localisation approach has been particularly effective in the UK, Spain, Germany and Finland. Once a device has been infected, the malware will attempt to steal debit and credit card information, which attackers then use to steal money or sell to other criminals.
The data shows that these attacks are also leading to data breaches for businesses, with Emotet, Ramnit and QSnatch particularly active in the region. Emotet has presented a major threat to organisations for over half a decade. This group focuses on breaching corporate networks to sell access to ransomware operators and other dangerous attackers. This access is then used to take over an organisation's network and execute massive attacks that can result in serious financial losses. Emotet has been linked to large ransomware groups such as LockBit, Conti and Ryuk. In EMEA, one out of five infections is an Emotet infection, indicating a high level of risk for organisations looking to avoid the threat of ransomware.
Another prominent threat in the region is the targeting of network-attached storage devices by a botnet known as QSnatch. These network-attached devices often store troves of sensitive information as well as backups and can be vulnerable if not regularly patched and protected. Once QSnatch gains access to a device, it can steal the information or modify it, thus creating the risk of a data breach. In EMEA, close to a third of infections were associated with QSnatch.
Ramnit, which accounts for two out of 10 infections in EMEA, is a banking Trojan that steals credentials for online banking and is often spread via phishing. According to the report, EMEA still accounts for the biggest number of Ramnit infections globally. This is not surprising given that in the past, its operators targeted banks in Italy, the UK and France.