Infoblox DNS Threat Index Hits Record High in Second Quarter Due to Surge in Phishing Attacks

Infoblox Inc. (NYSE:BLOX), the network control company, today released the second quarter 2015 report for the Infoblox DNS Threat Index, powered by IID, the source for clear cyberthreat intelligence. The index hit a record high of 133—up 58 percent from the second quarter of 2014—due to a surge in phishing attacks.

The Infoblox DNS Threat Index (www.infoblox.com/dns-threat-index), which Infoblox and IID (www.internetidentity.com) are introducing today, is an indicator of malicious activity worldwide exploiting the Domain Name System (DNS).

The single biggest factor driving the second-quarter increase, according to analysis of the data by IID and Infoblox, is the creation of malicious domains for phishing attacks. Phishing, a time-tested weapon of cybercriminals, involves sending emails that point users to fake web sitesmimicking a bank’s home page, for example, or a company’s employee portalto collect confidential information such as account names and passwords or credit-card numbers.

Another significant contributor to the index’s record high is the growing demand for exploit kits. These packages of malicious software are typically hidden on web sites that appear to be innocuous, but download malware whenever a user visitseven if the user takes no action.

The Infoblox DNS Threat Index, which is the first security report to analyze the creation of malicious domains, has a baseline of 100the average of quarterly results for the years 2013 and 2014. In the first quarter of 2015, the index stood at 122, and has now jumped an additional 11 points to a record high of 133 in the second quarter.

DNS is the address book of the Internet, translating domain names such as www.google.com into machine-readable Internet Protocol (IP) addresses such as 74.125.20.106. Because DNS is required for almost all Internet connections, cybercriminals are constantly creating new domains to unleash a variety of threats that can leverage DNS, ranging from simple malware to exploit kits, phishing, distributed denial of service (DDoS) attacks, and data exfiltration.

“DNS is critical infrastructure for the Internet that can’t be turned off. Through our analysis, it’s apparent that cybercriminals recognize this and see DNS as a vector for penetrating government, corporate, and personal networks,” said Rod Rasmussen, chief technology officer at IID. “The Infoblox DNS Threat Index, powered by IID, is intended to give insight into the extent to which bad actors are leveraging DNS for illicit activities.”

“DNS sits at the center of the Internet, connecting people, applications, and devicesmaking DNS a powerful tool for protecting networks as well as penetrating them,” said Craig Sanderson, senior director of security products at Infoblox. “Organizations can enhance their security by acquiring and understanding DNS threat intelligence data, then using that data to block access to malicious domains.”

The full Infoblox DNS Threat Index report for the second quarter of 2015 is available for free, with no registration required, at www.infoblox.com/dns-threat-index.

Comments are closed.