Akamai Technologies, Inc. recently published the State of the Internet / Security report: Adapting to the Unpredictable. The report looks back at 2020, examining some of the technological shifts and the patterns that emerged from lockdown-related internet spikes at the beginning of the year, to the resurgent spikes due to a mix of additional lockdowns and closures, as well as the holidays.
In 2020, the internet kept us working, learning, and connected. The Adapting to the Unpredictable report showcases the true resilience of the internet—for example, Akamai observed a 30% increase in internet traffic as the pandemic lockdowns started, and a global shift to remote functionality, which continues today.
Alongside the shift in usage, throughout the COVID-19 pandemic, Akamai has seen criminals take advantage worldwide, targeting all business sectors and industries, including information technology and security. Fortunately, Akamai uses its own products and services to defend the company and was prepared for remote work. The layered defenses in place at Akamai were easily able to adapt to a remote work environment. The concept of Zero Trust has enabled the company’s remote workers to do their jobs from anywhere and protects them at the same time. It’s taken years to architect this model to where it is today, and it’s a continuous process.
“Defending enterprise systems is a challenge at the best of times,” said Robert Blumofe, chief technology officer at Akamai. “Doing so in the middle of a pandemic only adds to these complexities and challenges. Akamai was able to transition to, and defend, a 99% remote workforce, because we’ve long viewed all access as remote access. We built our environment with the necessary capabilities, including leveraging Zero Trust concepts and robust, layered defenses.”
One of Akamai’s key layers of defense is Enterprise Threat Protector, which uses Akamai’s research and data, augmented with third-party data. This solution is designed to identify malicious domains and block them at the DNS and HTTP level. It addresses several key elements used by criminals, including exfiltration, command and control (C2), and phishing.
According to the report, in 2020, Akamai faced 21.5 million malicious DNS queries out of an aggregate of 109 billion, or about 299 million DNS queries per day. The majority of these attacks were malware attacks, with Akamai logging 10.2 million blocked requests related to malware in 2020. This could be due to a malicious link being clicked in an email, document, or even on a website, but the exact cause of the block events remain unknown.
Phishing, second only to malware, was the other top attack type observed in the Enterprise Threat Protector logs for 2020, with 6.3 million blocked attempts. The company’s platform organization, finance group, global services team, the office of the CIO, and the web sales and marketing unit were the most targeted, which tells us that criminals aren’t too picky when it comes to victim selection, but they will focus their efforts when the potential gain is large.
“One of the lessons learned in 2020, as it pertains to remote work and distance learning, is that the usual way of protection will work to a degree, but security must adapt rapidly to changing situations,” explains Steve Ragan, Akamai security researcher, and author of the State of the Internet / Security report. “Just because a policy or program works great in a data center or office doesn’t mean it will work when everyone has to go home. The forced changes in 2020 were a blunt reminder of this fact.”
Akamai | CDN | data exfiltration | DDoS | dns | edge security | remote work | WAF | WFH