Akamai's take on the state of DNS threats.

Akamai’s DNS Threat Report for Q3 2022 has found that 14% of devices connected with a malicious destination at least once during the quarter. The researchers state, “Breaking down these potentially compromised devices further, 59% of the devices communicated with malware or ransomware domains, 35% communicated with phishing domains, and 6% communicated with command and control (C2) domains.”

Akamai adds, “Comparing 2022 Q3 results with 2022 Q1 and Q2 results, we can see stability across all categories with some increase on the C2 front. Since we are not able to attribute this increase to a specific attack campaign, we are attributing it to seasonal changes in the threat landscape. It’s also possible that the increase can be attributed to an increase in vulnerable devices.”

The report also looked at phishing kits, finding that the most impersonated brands were Adobe and M&T Bank:

“According to Akamai research that tracked 299 different phishing toolkits being used in the wild to launch new attack campaigns, in Q3 2022, 2.01% of the tracked kits were reused on at least 63 distinct days (Figure 5). Further, 53.2% of the kits were reused to launch a new attack campaign on at least five days, and 100% of the tracked kits were reused on no fewer than three distinct days over Q3.”

Akamai also notes that phishing campaigns will increase as the holiday season approaches, so this unfortunate trend will in all likelihood see a seasonal upturn.