Infoblox Inc., the network control company, on the 5th of August released the second quarter 2015 report for the Infoblox DNS Threat Index, powered by IID, the source for clear cyberthreat intelligence. The index hit a record high of 133, up 58 percent from the second quarter of 2014, due to a surge in phishing attacks.
The Infoblox DNS Threat Index, which Infoblox and IID are introducing, is an indicator of malicious activity worldwide that exploits the Domain Name System (DNS).
The single biggest factor driving the second-quarter increase, according to analysis of the data by IID and Infoblox, is the creation of malicious domains for phishing attacks. Phishing, a time-tested weapon of cybercriminals, involves sending emails that point users to fake web sites—mimicking a bank’s home page, for example, or a company’s employee portal—to collect confidential information such as account names and passwords or credit-card numbers.
Another significant contributor to the index’s record high is the growing demand for exploit kits. These packages of malicious software are typically hidden on web sites that appear to be innocuous, but download malware whenever a user visits—even if the user takes no action.
The Infoblox DNS Threat Index, which is the first security report to analyze the creation of malicious domains, has a baseline of 100—the average of quarterly results for the years 2013 and 2014. In the first quarter of 2015, the index stood at 122, and has now jumped an additional 11 points to a record high of 133 in the second quarter.
DNS is the address book of the Internet, translating domain names such as into machine-readable Internet Protocol (IP) addresses such as 126.96.36.199. Because DNS is required for almost all Internet connections, cybercriminals are constantly creating new domains to unleash a variety of threats that can leverage DNS, ranging from simple malware to exploit kits, phishing, distributed denial of service (DDoS) attacks, and data exfiltration.
“DNS is critical infrastructure for the Internet that can’t be turned off. Through our analysis, it’s apparent that cybercriminals recognize this and see DNS as a vector for penetrating government, corporate, and personal networks,” said Rod Rasmussen, chief technology officer at IID. “The Infoblox DNS Threat Index, powered by IID, is intended to give insight into the extent to which bad actors are leveraging DNS for illicit activities.”
“DNS sits at the center of the Internet, connecting people, applications, and devices—making DNS a powerful tool for protecting networks as well as penetrating them,” said Craig Sanderson, senior director of security products at Infoblox. “Organizations can enhance their security by acquiring and understanding DNS threat intelligence data, then using that data to block access to malicious domains.”