top of page

DNS data shows one in ten organisations have malware traffic on their networks

Research has been conducted by Akamai around Command and control (C2) traffic to understand prevalent threats in corporate and home networks, and the results are concerning.

According to their findings between 10% and 16% of organisations have encountered C2 traffic within their networks in any given quarter. This may be indicative of malware attempting to communicate with an operator and is a potential sign of a breach.

26% of affected devices have reached out to initial access broker (IAB) C2 domains, including Emotet and Qakbot-related domains. The initial access brokers present a significant risk to organisations as their main role is to complete the initial breach and then sell this access on to cyber criminal groups or ransomware groups.

30% of affected organisations are within the manufacturing sector. The cybercriminal's predominant aim is to disrupt their services and to have a wider knock on effect to multiple organisations through disruption of the supply chains.

JDNS have been identified as a highway for attack traffic and ransomware groups, and cybercriminals are leveraging DNS to facilitate the breaches of networks to be able to move laterally.

C2 can be used to facilitate an attack in progress, to download the next-stage malware and other payloads, and to establish backdoor access. These transactions and attack traffic often pass through the Domain Name System (DNS).

DNS is often seen as the interaction between users and websites, it can, in fact, contain large amounts of malicious traffic, and act as an important part of the attack’s infrastructure.

A Zero Trust mindset should be adopted and businesses must consider where and how attacks can be disrupted, and where to apply these principles. Zero Trust is a network security strategy based on the philosophy that no person or device inside or outside of an organisation’s network should be granted access to connect to IT systems or workloads unless it is explicitly deemed necessary. In short, it means zero implicit trust.

IT teams need to ensure that users and devices can safely connect to the internet, regardless of where the access request is from, without the complexity associated with legacy approaches.

They also need to proactively identify, block, and mitigate targeted threats such as malware, ransomware, phishing, DNS data exfiltration, and advanced zero-day vulnerabilities for users. Zero Trust security can improve security postures while reducing the risk of malware.



Report all Fraud and Cybercrime to Action Fraud by calling 0300 123 2040 or online. Forward suspicious emails to Report SMS scams by forwarding the original message to 7726 (spells SPAM on the keypad).



The contents of blog posts on this website are provided for general information only and are not intended to replace specific professional advice relevant to your situation. The intention of East Midlands Cyber Resilience Centre (EMCRC) is to encourage cyber resilience by raising issues and disseminating information on the experiences and initiatives of others. Articles on the website cannot by their nature be comprehensive and may not reflect most recent legislation, practice, or application to your circumstances. EMCRC provides affordable services and Trusted Partners if you need specific support. For specific questions please contact us by email.


EMCRC does not accept any responsibility for any loss which may arise from reliance on information or materials published on this blog. EMCRC is not responsible for the content of external internet sites that link to this site or which are linked from it.

bottom of page