Akamai's new analysis shows that around 79 million domains were deemed dangerous by its experts in the first half of 2022. This is based on a NOD (newly observed domain) dataset and represents 20.1% of all successfully resolved NODs.

Akamai defines a NOD as any domain that has been accessed for the first time in the past 60 days. "Malicious" here refers to domain names that lead to harmful sites, such as those designed to spread malware, phish or cause other online damage.

Akamai stated, "[The NOD databank] is where you can find newly registered domain names, typos and domains that are very rarely queried globally." About 12 million NODs are observed by Akamai each day, with slightly more than 2,000,000 being successfully resolved.

To determine if a domain is malicious or not, the organization follows relatively straightforward procedures. Akamai, with the help of the wider cybersecurity community, compiled a 30-year-old predictive list of domain generation algorithms (DGAs). This may be used for detecting domains that have been registered with DGAs.

DGA domains can be used for temporary campaigns, and hackers often use them to distribute malware or host phishing sites. DGA domains act as meeting points on the internet for malware and other items.
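As an added illustration (not Akamai's code and not part of the original article), the sketch below flags names that were not queried in the previous 60 days and checks each one against a precomputed predictive list. The `toy_dga` generator, the `demo-seed` seed, the log format and the rule that a domain silent for more than 60 days counts as newly observed again are assumptions made for the example.

```python
import hashlib
from datetime import date, datetime, timedelta

NOD_WINDOW = timedelta(days=60)  # window from the NOD definition above

def toy_dga(seed, day, count=3):
    """Constructed stand-in for a reverse-engineered DGA; not a real family."""
    return [hashlib.sha256(f"{seed}|{day.isoformat()}|{i}".encode()).hexdigest()[:12]
            + ".example" for i in range(count)]

def predictive_list(seed, start, days):
    """Precompute every name the algorithm will emit over a date range."""
    return {name for n in range(days)
            for name in toy_dga(seed, start + timedelta(days=n))}

class NodTracker:
    def __init__(self, predicted):
        self.predicted = predicted
        self.last_seen = {}  # domain -> time of most recent query

    def observe(self, ts, qname):
        """Return None for a known domain, else 'nod' or 'nod+dga'."""
        name = qname.rstrip(".").lower()
        prev = self.last_seen.get(name)
        self.last_seen[name] = ts
        if prev is not None and ts - prev <= NOD_WINDOW:
            return None  # queried within the window: not newly observed
        return "nod+dga" if name in self.predicted else "nod"

def classify(log_lines, predicted):
    """Run 'ISO-timestamp qname' lines through the tracker; return verdicts."""
    tracker = NodTracker(predicted)
    results = []
    for line in log_lines:
        stamp, qname = line.split()
        results.append((qname, tracker.observe(datetime.fromisoformat(stamp), qname)))
    return results

# Constructed sample data: hypothetical seed and resolver log lines.
PREDICTED = predictive_list("demo-seed", date(2022, 3, 1), 30)
DGA_NAME = toy_dga("demo-seed", date(2022, 3, 2))[0]
SAMPLE_LOG = [
    "2022-03-01T09:00:00 intranet.example",
    "2022-03-02T09:00:00 intranet.example",     # seen yesterday: not a NOD
    f"2022-03-02T09:05:00 {DGA_NAME}",          # first sighting, on the list
    "2022-03-02T09:06:00 Fresh-Shop.example.",  # first sighting, not on the list
    "2022-06-15T09:00:00 intranet.example",     # silent > 60 days: NOD again
]

if __name__ == "__main__":
    for qname, verdict in classify(SAMPLE_LOG, PREDICTED):
        print(f"{qname:32} {verdict}")
```

A NOD that is not on the predictive list is only a candidate; it would still need the other detection criteria the article mentions before being treated as malicious.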

According to Akamai, the majority of its malicious domain detections come from its "more than 190 NOD specific detection criteria"; this is NOD-based detection. The company also stated that only 0.00042 percent of malicious NODs were discovered during the first half of the year.

Akamai's NOD detection is not the only option. Cisco, for example, has a "newly viewed domain" detection system, which scans DNS data to alert users to potentially dangerous websites.

While it is not clear how these services compare to Akamai's, the end goals seem similar and indicate that NODs represent a well-known security problem that other businesses are trying to address.

Data Breach in City of Tucson - Personal Information Compromise

Tucson, Arizona has alerted approximately 123,000 residents about a data breach. Although the city discovered the issue in May 2022, its investigation did not conclude until last month.

The notification to the affected parties explains that an attacker broke into the city's network and stole a lot of sensitive files.

Between May 17th and May 31st, the threat actors gained access to the network and stole vital documents that contained the personal information of over 123,000 people.

According to the data breach notification, "On May 29, 2022, the City discovered suspicious behavior in a user's network account credentials. The City also discovered that some files had been copied and then removed from its network on August 4, 2022."

In a separate notice, the city stated that "On September 12, this review was completed and it was determined that the information in question contained certain personal information."

On September 23, the city began to contact potentially affected people, informing them that attackers could have gained access to their Social Security numbers and names. This information was among the sensitive personal data exposed during the incident.

Notification letters were sent to affected persons, which also stated that there is no evidence of personal data being used in fraud.

Individuals affected are advised to keep an eye on their credit reports for unusual activity that could indicate identity theft or fraud using personal information.

The city will provide free credit monitoring and identity protection services by Experian for one year to those who are affected. They also offer advice on how you can avoid becoming a victim of identity fraud.

As it continues to review current cybersecurity procedures and policies, the city is committed to protecting residents' personal data. It is also evaluating additional safeguards and measures to prevent this type of event.

With the right security measures a data breach can be prevented, or at the very least, minimized. Is it time to contact Integrated Technology Systems for an analysis of your network security?

Integrated Technology Systems
6 East 45th Street, Suite 400
New York, NY 10017