DNS ‘threat level’ jumps 58%: Infoblox
Quarterly index shows year-on-year surge, driven by phishing, demand for exploit kits
The DNS threat level has risen 58%, year on year, from the second quarter of 2014, driven by a surge in phishing attacks, according to network security specialist Infoblox.
Releasing its Q2 2015 DNS Threat Index, on which the company collaborates with InternetIdentity.com (IID), Infoblox warned that the threat level had reached a record high of 133.
Domain-Name System (DNS) operates as the phone directory for the Internet, translating text-based URLs, such as www.itp.net, into IP addresses for the routing of Web traffic. Infoblox's index is a cumulative measure of malicious activity worldwide that specifically uses DNS to target victims.
Infoblox said the "single biggest factor" driving the observed surge, is the creation of malicious domains for phishing attacks. Phishing is a social-engineering technique used by cyber criminals and other malicious actors to hoodwink Internet users into hazardous behaviour, such as disclosing personal information or visiting a website that is dressed upon to look like a trusted resource, such as a user's online banking login page.
Another significant contributor to the index's peak is a growing demand for software-vulnerability exploit kits, which are often hidden on websites that users trust, but are downloaded to devices as soon as a user visits.
The Infoblox DNS Threat Index, which Infoblox claims is "the first security report to analyse the creation of malicious domains", has a baseline of 100, which is the average of quarterly results for the years 2013 and 2014. In the first quarter of 2015, the index stood at 122, and has now jumped an additional 11 points to a record high of 133 in the second quarter.
"DNS is critical infrastructure for the Internet that can't be turned off," said Rod Rasmussen, chief technology officer at IID. "Through our analysis, it's apparent that cybercriminals recognise this and see DNS as a vector for penetrating government, corporate, and personal networks. The Infoblox DNS Threat Index, powered by IID, is intended to give insight into the extent to which bad actors are leveraging DNS for illicit activities."
"DNS sits at the centre of the Internet, connecting people, applications, and devices, making DNS a powerful tool for protecting networks as well as penetrating them," said Craig Sanderson, senior director of security products at Infoblox. "Organisations can enhance their security by acquiring and understanding DNS threat intelligence data, then using that data to block access to malicious domains."