2 min

Research by Akamai indicates that 20 percent of all domain names registered in the past six months (79 million) were created for malicious purposes. Akamai claims that its security software is able to identify malicious domain names within minutes.

Most cybercriminals depend on domain names. Organizations can prevent malware and phishing attacks by identifying suspicious domain names. The problem is that cybercriminals constantly switch between domain names. Once you’re able to accurately determine that a domain name is used for a malicious purpose, it’s typically already too late — the cybercriminal provided the malicious web app or website with a new domain name.

Recent research by Akamai confirms the scale of the problem. According to the company, 20 percent of all domain names registered in the past six months (79 million) were created for malicious purposes. Akamai says cybercriminals often register thousands of domain names simultaneously. As soon as one of the domain names is marked as suspicious, the cybercriminal replaces the address with a new domain.


In the first six months of 2022, Akamai monitored billions of DNS requests to identify new domain names. The company then used a proprietary system to analyze the domain names based on multiple factors. Akamai determined that 20 percent were registered for malicious purposes.

One of the factors is readability. According to Akamai, cybercriminals typically use automated systems to register domain names. The systems tend to generate domain names with random numbers and letters.

An unreadable domain name can indicate malicious activity, but it does not necessarily mean the domain is being used for malicious purposes. In addition to readability, Akamai’s system reviews more than 190 other factors. The specifics are unknown, because the technology is patented and largely kept a secret.


The organization claims that the technology correctly identifies malicious domain names in 99.99958 percent of all cases. Only 329 out of the 79 million domain names identified as malicious in the past six months were found to be safe during subsequent research.

“All of our detection systems and rules are fully automated”, the researchers said. “This means that the time needed for us to classify a domain name as malicious is measured in minutes, not hours or days. No human intervention is needed.”

Akamai develops a broad portfolio of security, content delivery and edge computing solutions. The technology is used for several products.

Tip: Data protection is becoming more workload-specific (and software-defined)