Investigation Reveals Large Botnet Hiding Behind Fast Flux Technique; Confirms Method Used to Obscure Malicious Network Behavior
Las Vegas, Nev., Akamai Edge 2017 | October 10, 2017
Akamai Technologies, Inc. (NASDAQ: AKAM), the world’s largest and most trusted cloud delivery platform, today announced results of new research into the behavior of a malicious botnet employing Fast Flux techniques. The findings are compiled in a new white paper, “Digging Deeper – An In-Depth Analysis of a Fast Flux Network.”
Fast Flux, a DNS technique first observed in 2006 and widely associated with the Storm Worm malware variants, can be used by botnets to hide various types of malicious activity, including phishing, web proxying, malware delivery, and malware command-and-control communication. The technique keeps a domain’s DNS records pointing at a constantly changing set of compromised hosts, each acting as a proxy for the real back-end infrastructure. Because the advertised addresses rotate rapidly, blocking any single host does little, and distinguishing the rotating set from legitimate fast-changing DNS (such as a CDN) is what makes detection difficult.
As the world’s largest Content Delivery Network (CDN) provider, Akamai has unmatched visibility into traffic flowing across both enterprise networks and the Internet. The high level of sophistication these botnets employ requires a new approach to detection. Using advanced algorithms that can distinguish between the rapidly changing malicious activity generated by these networks and legitimate traffic is key to successful detection and mitigation.
Akamai’s Enterprise Security Threat Research Team conducted an analysis of a sophisticated botnet using Fast Flux techniques made up of more than 14,000 IP addresses. Although most of the IP addresses originate from Eastern Europe, some of the associated IP addresses fall in address space assigned to Fortune 100 companies. The operator of this particular Fast Flux network most likely advertises these addresses as spoofed entries rather than genuine members of the network, so that the botnet can “borrow” the positive reputation associated with that address space while carrying out its malicious activities.
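The two preceding paragraphs describe the behaviour a detector has to key on: a domain whose answers keep introducing fresh hosts spread across unrelated networks, some of which may be decoy addresses from reputable address space. The following is an added illustration of a simple scoring heuristic over DNS answer logs; it is not Akamai’s algorithm or code, and the sample observations, the prefix-to-ASN table, the “reputable” prefix list and the thresholds are all constructed assumptions.

```python
"""Heuristic fast-flux scoring over DNS answer observations (added example, not Akamai's method)."""
from collections import defaultdict
from ipaddress import ip_address, ip_network
from statistics import mean

# Constructed prefix -> AS labels standing in for a real IP-to-ASN lookup (assumption).
ASN_MAP = {
    ip_network("192.0.2.0/24"): "AS64500",
    ip_network("198.51.100.0/24"): "AS64501",
    ip_network("203.0.113.0/24"): "AS64502",
}

# Constructed stand-in for address space belonging to well-known organisations. A fast-flux
# operator may advertise such addresses as decoys; their good reputation must not exonerate
# the domain, so we report them rather than discount them.
REPUTABLE_PREFIXES = [ip_network("203.0.113.128/25")]

# Constructed sample log: (domain, observation time in seconds, TTL, A records in the answer).
OBSERVATIONS = [
    # CDN-style domain: low TTL, but a small stable pool inside one network.
    ("static.cdn.example", 0, 60, ["203.0.113.10", "203.0.113.11"]),
    ("static.cdn.example", 60, 60, ["203.0.113.11", "203.0.113.12"]),
    ("static.cdn.example", 120, 60, ["203.0.113.10", "203.0.113.12"]),
    ("static.cdn.example", 180, 60, ["203.0.113.11", "203.0.113.10"]),
    # Fast-flux-style domain: low TTL, every answer is a fresh set scattered across networks,
    # two of the advertised hosts sitting in "reputable" address space.
    ("login-secure-update.example", 0, 300, ["198.51.100.7", "192.0.2.55", "203.0.113.200"]),
    ("login-secure-update.example", 300, 300, ["198.51.100.99", "192.0.2.140", "203.0.113.77"]),
    ("login-secure-update.example", 600, 300, ["192.0.2.201", "198.51.100.150", "203.0.113.9"]),
    ("login-secure-update.example", 900, 300, ["198.51.100.23", "192.0.2.33", "203.0.113.150"]),
    # Ordinary site: one address, long TTL.
    ("www.example.org", 0, 86400, ["192.0.2.1"]),
    ("www.example.org", 3600, 86400, ["192.0.2.1"]),
]


def asn_of(ip):
    """Map an address to its (constructed) AS label."""
    addr = ip_address(ip)
    for net, asn in ASN_MAP.items():
        if addr in net:
            return asn
    return "AS-UNKNOWN"


def domain_features(observations):
    """Per-domain features: pool size, network diversity, TTL, churn, and decoy-looking hosts."""
    by_domain = defaultdict(list)
    for domain, ts, ttl, answers in observations:
        by_domain[domain].append((ts, ttl, answers))
    features = {}
    for domain, obs in by_domain.items():
        obs.sort(key=lambda o: o[0])  # chronological order
        seen = set()
        novelty = []  # share of each answer (after the first) that was never seen before
        for i, (_, _, answers) in enumerate(obs):
            new = {a for a in answers if a not in seen}
            if i > 0:
                novelty.append(len(new) / len(answers))
            seen.update(answers)
        features[domain] = {
            "distinct_ips": len(seen),
            "distinct_asns": len({asn_of(ip) for ip in seen}),
            "mean_ttl": mean(ttl for _, ttl, _ in obs),
            "novelty": mean(novelty) if novelty else 0.0,
            "reputable_ips": sorted(
                ip for ip in seen if any(ip_address(ip) in p for p in REPUTABLE_PREFIXES)
            ),
        }
    return features


def is_fast_flux(f, max_ttl=600, min_asns=3, min_novelty=0.5):
    """Thresholds are assumptions: short TTL AND many networks AND high churn together.
    A CDN trips the TTL test alone; requiring all three keeps it below the bar."""
    return f["mean_ttl"] <= max_ttl and f["distinct_asns"] >= min_asns and f["novelty"] >= min_novelty


def classify(observations):
    return {d: is_fast_flux(f) for d, f in domain_features(observations).items()}


if __name__ == "__main__":
    for domain, f in domain_features(OBSERVATIONS).items():
        print(domain, "FAST-FLUX" if is_fast_flux(f) else "ok", f)
```

The point of the combined test is the caveat in the paragraph above: short TTLs alone are exactly what a CDN looks like, so churn across observations and spread across autonomous systems are what separate the two. The `reputable_ips` feature surfaces advertised hosts in trusted address space for an analyst; whether they actually serve the flux traffic cannot be decided from DNS alone and needs a reachability check against those hosts.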
“The increasing complexity of enterprise networks and dependencies on public networks make it more difficult than ever to maintain an accurate picture of what is really happening on your networks,” said Or Katz, Principal Lead Security Researcher, Akamai. “At the same time, the increasing sophistication of the obfuscation techniques used by hackers to hide their malicious activities makes it even more important to maintain granular insights into network activity. The level of visibility Akamai has into both ‘good’ and ‘bad’ traffic on the Internet and within corporate enterprise networks makes this kind of research possible and is critically important to how we can best protect our customers.”
Akamai offerings such as Enterprise Threat Protector are designed to help organizations defend themselves against malicious botnets by identifying harmful behavior more quickly and blocking harmful interactions before they impact operations.
A complimentary copy of the white paper containing more detailed analysis of the botnet is available for download.
Mr. Katz will also be presenting his team’s findings during a session at Akamai EDGE 2017, its tenth annual customer conference, taking place October 11-13, 2017 at the ARIA Resort, Las Vegas. For a complete list of sessions, please visit the EDGE website. A list of registration rates, description of eligible attendees and conference pass options is available at EDGE Registration.
As the world’s largest and most trusted cloud delivery platform, Akamai makes it easier for its customers to provide the best and most secure digital experiences on any device, anytime, anywhere. Akamai’s massively distributed platform is unparalleled in scale with over 200,000 servers across 130 countries, giving customers superior performance and threat protection. Akamai’s portfolio of web and mobile performance, cloud security, enterprise access, and video delivery solutions is supported by exceptional customer service and 24/7 monitoring. To learn why the top financial institutions, e-commerce leaders, media & entertainment providers, and government organizations trust Akamai, please visit www.akamai.com, blogs.akamai.com, or @Akamai on Twitter.