Study: QSnatch Infections Main Source of Malicious DNS Traffic in APAC

Akamai

A recent study published by Akamai Technologies has revealed that QSnatch infections are the main source of malicious DNS traffic in Asia Pacific. The study also highlighted that between 10% and 16% of companies worldwide experience command and control activity in their networks each quarter, which could be a sign that an attack or breach is currently taking place.

QSnatch is malware that targets QNAP network attached storage (NAS) devices, which businesses use for backups and file storage. It has become the largest botnet threat in enterprise environments in Asia Pacific, with almost 60% of affected devices in the region infected with QSnatch; this makes the region second only to North America in the number of QSnatch-infected devices globally.

According to Akamai, most Internet usage depends on DNS, and that ubiquity makes it an important part of attack infrastructure. Nearly seven trillion DNS requests are made daily, and Akamai classifies malicious DNS transactions into three categories: malware, phishing, and command and control (C2). C2 traffic indicates that an attack may be in progress or that a breach has already occurred; the threats behind it range from information-stealing botnets to Initial Access Brokers (IABs), who sell unauthorized access to breached networks to other cybercriminals.

In APAC, 15% of affected devices reached out to known C2 domains of IAB operations such as Emotet, which carry out the initial breach and then sell access to ransomware groups such as LockBit and other cybercriminal groups. The region also saw ransomware variants such as REvil and LockBit move into the top five C2 threats affecting devices across all organizations.
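The study's numbers come from classifying DNS queries against known-bad domains and then counting how many devices touched a C2 domain. The following added example (not Akamai's code or methodology) shows that logic on constructed resolver log lines; the indicator lists and domain names are placeholders, and the log format is assumed.

```python
from collections import defaultdict

# Constructed indicator list (placeholder names, not real IoCs): category -> domains.
INDICATORS = {
    "c2": {"c2-placeholder.example", "iab-loader.example"},
    "malware": {"dropper-cdn.example"},
    "phishing": {"login-verify.example"},
}

# Constructed resolver log lines, assumed format: "<timestamp> <device-id> <queried-name>".
SAMPLE_LOG = """\
2023-04-01T08:00:01Z nas-01 firmware.example.net
2023-04-01T08:00:02Z nas-01 beacon.c2-placeholder.example
2023-04-01T08:01:07Z pc-07 www.login-verify.example
2023-04-01T08:02:15Z pc-09 dropper-cdn.example
2023-04-01T08:03:44Z pc-12 mail.example.org
2023-04-01T08:04:10Z nas-02 iab-loader.example
"""

def classify(qname):
    """Category for qname, matching any parent domain; None if not listed."""
    labels = qname.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])  # walk up: a.b.c, b.c, c
        for category, domains in INDICATORS.items():
            if candidate in domains:
                return category
    return None

def summarize(log_text):
    """Distinct devices per category and the share that contacted a C2 domain."""
    devices_by_category = defaultdict(set)
    all_devices = set()
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines rather than crash on them
        _ts, device, qname = parts
        all_devices.add(device)
        category = classify(qname)
        if category:
            devices_by_category[category].add(device)
    c2_devices = devices_by_category.get("c2", set())
    return {
        "devices": len(all_devices),
        "by_category": {k: sorted(v) for k, v in devices_by_category.items()},
        "c2_fraction": len(c2_devices) / len(all_devices) if all_devices else 0.0,
    }
```

Matching on parent domains matters because beacons typically use rotating subdomains of a listed C2 domain; an exact-match lookup would miss them.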

Multi-Stage Attacks

Akamai’s statistics showed that APAC recorded far more consumer home network threats than any other global region, with twice the number of queries flagged as malicious compared with North America. More than 350 million queries in APAC were found to be linked to Pykspa, an information-stealing malware that spreads through Skype by sending fraudulent URLs to the infected users’ contacts.

Reuben Koh, Director of Security Technology and Strategy, APJ at Akamai, explained that “multi-stage attacks have become a staple of the modern cyber landscape in the region. Threat actors are finding increased success when they work together or when they can combine various tools in a single attack. A C2 infrastructure is pivotal in the success of these attacks as they can be used for communication as well as to facilitate downloading a payload and the next-stage malware to move the attack onward.”

Mr. Koh emphasized that it is vital for companies to remain clear of attackers, as multi-stage attacks can have severe effects on their businesses. Apart from direct financial loss, there is also loss of customer confidence and trust, as well as the long-term costs of recovering compromised infrastructure, such as legal, reimbursement, and clean-up costs.

In the past year, about 12% of organizations globally have shown signs of a breach. This underlines the importance of implementing cybersecurity measures, especially in the face of increasing cyber threats and attacks. Businesses and organizations must prioritize cybersecurity and take the necessary steps to protect themselves and their customers’ data from malicious attacks.