Welcome to the first State of the Internet / Security: Carrier Insights report for Spring 2018! This marks a number of milestone changes for our reporting and research since the Nominum team joined Akamai in November 2017. Collaboration and data sharing are important topics in our report. Security in 2018 is a collaborative effort: no single solution and no single team has all the data, tools, or knowledge required to generate meaningful intelligence from the multitude of signals being recorded every second of every day. Increasingly, even the largest enterprises need to work with both peers and competitors to make sense of the data deluge. Just as the security field is evolving and our willingness to communicate as an industry is maturing, attackers are adopting some of the same tactics that make businesses successful. Several of the botnets we looked at have adopted a modular approach in their software and can have their capabilities easily enhanced. There is no rest for the weary defender.
We use the Mirai attacks of 2016 and 2017 in this report to highlight how important collaboration is to our defense. More recent events, like the memcached-driven DDoS attacks, demonstrate that interorganizational cooperation is only going to become more important over time. The problems we face are reaching scales that no business can defend itself against without help. Moreover, this contemporary scale of threats requires us to develop tools that minimize human intervention and maximize the use of artificial intelligence and machine learning.

The State of the Internet / Security: Carrier Insights, Spring 2018 draws from six months of data to cover the following topics:

Collaboration is the Key to Success: Our guest author is Megan Stifel, CEO of Silicon Harbor Consultants and former Director for International Cyber Policy on the National Security Council, who highlights the importance of cooperation and data sharing.

Zero Day Domains: Monitoring DNS requests from across the Internet allows us to identify new botnet command and control (C&C) structures as they arise.

Malware Evolution: The Loapi botnet shows us that malicious programmers are learning to write extensible code, while Terdot highlights how important social media credentials have become.

Taking on Mirai: Internal and external cooperation were vital in combating this threat.