DNS Threats, Led by Phishing, Up 58% in Q2

Malicious DNS-related cyber-activity skyrocketed in the second quarter, up 58 percent year-over-year.

The Infoblox DNS Threat Index, powered by IID, has a baseline of 100—the average of quarterly results for the years 2013 and 2014. In the first quarter of 2015, the index stood at 122, and has now jumped an additional 11 points to a record high of 133 in the second quarter.

Because DNS is required for almost all internet connections, cyber-criminals are constantly creating new domains to unleash a variety of threats, ranging from simple malware to exploit kits, phishing, distributed denial of service (DDoS) attacks and data exfiltration.

“DNS is critical infrastructure for the Internet that can’t be turned off. Through our analysis, it’s apparent that cyber-criminals recognize this and see DNS as a vector for penetrating government, corporate and personal networks,” said Rod Rasmussen, CTO at IID.

Phishing and the growing demand for exploit kits were the most significant contributors to the index’s record high.

Phishing alone was up 74%.

“Phishing has been around for a long time, and the most recent index numbers show attackers are using it enthusiastically,” the report noted. “Criminals stick with phishing because it works, and because it’s often easier to trick humans into giving up sensitive information than to overcome increasingly sophisticated cybersecurity systems. Teaching internal users to be diligent and aware of the links they are clicking on is one level of protection. But with such important information at risk once exploited, organizations should also deploy technology that leverages current threat data to block traffic to and from these malicious sites.”

Meanwhile exploit kits, collections of malicious software that take advantage of security holes in operating systems and popular applications such as web browsers, accounted for 41% of malicious domain creation in the second quarter of 2015.

Exploit kits have ranged from less than 20% to more than 70% of the index, and this quarter’s volume was roughly the average across the previous 11 quarters. Although far from being the only set of threats within the index, changes in the number of observed new exploit-related domains is highly correlated with a change in the overall index.

 “DNS sits at the center of the Internet, connecting people, applications, and devices—making DNS a powerful tool for protecting networks as well as penetrating them,” said Craig Sanderson, senior director of security products at Infoblox. “Organizations can enhance their security by acquiring and understanding DNS threat intelligence data, then using that data to block access to malicious domains.”

What’s Hot on Infosecurity Magazine?