Latest news with #DNSThreatLandscapeReport


Techday NZ
6 days ago
- Business
- Techday NZ
AI-driven DNS threats & malicious adtech surge worldwide
Infoblox has published its 2025 DNS Threat Landscape Report, revealing increases in artificial intelligence-driven threats and widespread malicious adtech activity impacting organisations worldwide.

DNS exploits rising

The report draws on real-time analysis of more than 70 billion daily DNS queries across thousands of customer environments, providing data on how adversaries exploit DNS infrastructure to deceive users, evade detection, and undermine brand trust. Infoblox Threat Intel has identified over 660 unique threat actors and more than 204,000 suspicious domain clusters to date, with 10 new actors highlighted in the past year alone.

The findings detail how malicious actors are registering unprecedented numbers of domains, using automation to enable large-scale campaigns and circumvent traditional cyber defences. In the past 12 months, 100.8 million newly observed domains were identified, with 25.1% classed as malicious or suspicious by researchers. According to Infoblox, the vast majority of these threat-related domains (95%) were unique to a single customer environment, increasing difficulty for the wider industry to detect and stop these threats.

Malicious adtech and evasive tactics

The analysis highlights the growing influence of malicious adtech, with 82% of customer environments reportedly querying domains associated with blacklisted advertising services. Malicious adtech schemes frequently rely on traffic distribution systems (TDS) to serve harmful content and mask the true nature of destination sites. Nearly 500,000 TDS domains were recorded within Infoblox networks over the year.

Attackers are also harnessing DNS misconfigurations and deploying advanced techniques such as AI-enabled deepfakes and high-speed domain rotation. These tactics allow adversaries to hijack existing domains or impersonate prominent brands for phishing, malware delivery, drive-by downloads, or scams such as fraudulent cryptocurrency investment schemes.
TDS enables threats to be redirected or disguised rapidly, hindering detection and response efforts.

"This year's findings highlight the many ways in which threat actors are taking advantage of DNS to operate their campaigns, both in terms of registering large volumes of domain names and also leveraging DNS misconfigurations to hijack existing domains and impersonate major brands. The report exposes the widespread use of traffic distribution systems (TDS) to help disguise these crimes, among other trends security teams must look out for to stay ahead of attackers," said Dr. Renée Burton, head of Infoblox Threat Intel.

Infoblox notes that traditional forensic-based, post-incident detection - also termed a "patient zero" approach - has proven less effective as attackers increase their use of new infrastructures and frequently rotate domains. As threats emerge and evolve at pace, reactive techniques may leave organisations exposed before threats are fully understood or shared across the security industry.

AI, tunnelling and the threat intelligence gap

DNS is also being leveraged for tunnelling, data exfiltration, and command and control activities. The report documents daily detections of activity involving tools such as Cobalt Strike, Sliver, and custom-built malware, which typically require machine learning algorithms to identify due to their obfuscation methods.

Infoblox Threat Intel's research suggests that domain clusters - groups of interrelated domains operated by the same actor - are a significant trend. During the past year, security teams uncovered new actors and observed the continued growth of domain sets used for malicious activities.

Proactive security recommended

The report advocates a shift towards preemptive protection and predictive threat intelligence, emphasising the limitations of relying solely on detection after the fact.
The data indicates that using Infoblox's protective DNS solution, 82% of threat-related queries were blocked before they could have a harmful impact, suggesting that proactive monitoring and early intervention can help counter adversarial tactics.

Infoblox researchers argue that combining protective solutions with continuous monitoring of emerging threats is essential to providing security teams the necessary resources and intelligence to disrupt malicious campaigns before significant damage occurs.

The report brings together research insights from the past twelve months to map out attack patterns and equip organisations with up-to-date knowledge on DNS-based threats, with a particular focus on the evolving role of harmful adtech in the modern threat landscape.


Scoop
6 days ago
- Business
- Scoop
Infoblox Unveils 2025 DNS Threat Landscape Report, Revealing Surge In AI-Driven Threats And Malicious Adtech
Press Release – Infoblox

Infoblox, a leader in cloud networking and security services, today released its 2025 DNS Threat Landscape Report, revealing a dramatic surge in DNS-based cyberthreats and the growing sophistication of adversaries leveraging AI-enabled deepfakes, malicious adtech and evasive domain tactics. Based on pre-attack telemetry and real-time analysis of DNS queries from thousands of customer environments—with over 70 billion DNS queries per day—the report offers a comprehensive view into how threat actors exploit DNS to deceive users, evade detection and hijack trust.

'This year's findings highlight the many ways in which threat actors are taking advantage of DNS to operate their campaigns, both in terms of registering large volumes of domain names and also leveraging DNS misconfigurations to hijack existing domains and impersonate major brands,' said Dr. Renée Burton, head of Infoblox Threat Intel. 'The report exposes the widespread use of traffic distribution systems (TDS) to help disguise these crimes, among other trends security teams must look out for to stay ahead of attackers.'

Since its inception, Infoblox Threat Intel has identified a total of over 660 unique threat actors and more than 204,000 suspicious domain clusters, meaning a group of domains believed to be registered by the same actor. Over the past 12 months, Infoblox researchers have published research covering 10 new actors. They have uncovered the breadth and depth of malicious adtech, which disguises threats from users through TDS, driving industry thought leadership in this topic.
This report brings together findings from the past 12 months to illuminate attack trends, equipping security teams with critical knowledge to keep their edge over bad actors. Particularly, the report sheds light on adtech's role in these attacks.

Top Findings

- Of the 100.8 million newly observed domains in the past year, 25.1 per cent were classified as malicious or suspicious.
- 95 per cent of threat-related domains were observed in only one customer environment, underscoring the challenges to the security industry to detect and stop threats.
- 82 per cent of customer environments queried domains associated with malicious adtech, which rotate a massive number of domains to evade security tools and serve malicious content.
- Nearly 500k traffic distribution system (TDS) domains were seen in the last 12 months within Infoblox networks.
- Daily detection of DNS Tunnelling, exfiltration, and command and control, including Cobalt Strike, Sliver, and custom tools, which require ML algorithms to detect.

Uptick in Newly Observed Domains

Infoblox Threat Intel identified 100.8 million newly observed domains, with over 25 percent classified as malicious or suspicious. Over the year, threat actors continuously registered, activated and deployed new domains, often in very large sets through automated registration processes. By increasing their number of domains, threat actors can bypass traditional forensic-based defences, which are built on a 'patient zero' approach to security. This reactive approach relies on detecting and analysing threats after they have already been used somewhere else in the world. As attackers leverage increasing levels of new infrastructure, this approach becomes ineffective, leaving organisations vulnerable.

Actors are using these domains for an array of malicious purposes, from creating phishing pages to deploying malware through drive-by downloads, to engaging in fraudulent activities and scams, such as fake cryptocurrency investment sites.
The Need for Preemptive Security

These findings underscore a pressing need for organisations to be proactive in the face of AI-equipped attackers. Investing in preemptive security can be the deciding factor in successfully thwarting threat actors. Using predictive threat intelligence, Infoblox's protective DNS solution blocked 82 percent of threat-related queries before their initial impact. Proactive protection, paired with consistent radar on emerging threats, tips the scales in favour of security teams—allowing them to pull ahead of attackers and interrupt their unlimited supply of domains.

Access the full Infoblox DNS Threat Landscape Report 2025.

Infoblox unites networking, security and cloud to form a platform for operations that's as resilient as it is agile. Trusted by 13,000+ customers, including 92 of the Fortune 100, we seamlessly integrate, secure and automate critical network services so businesses can move fast without compromise. Visit or follow us on LinkedIn.


The Province
6 days ago
- Sport
- The Province
Infoblox Unveils 2025 DNS Threat Landscape Report, Revealing Surge in AI-driven Threats and Malicious Adtech
Over the past year, threat actors have rapidly advanced their use of deception, scaling operations and leveraging AI to target individuals, organizations, and evade threat research. Infoblox Threat Intel has observed a new level of professionalism and speed in the way actors launch Domain Name System (DNS)-sourced cyberattacks. GNW

Of the 100.8 million newly observed domains, 25.1 percent were classified as malicious or suspicious
82 percent of environments contacted malicious adtech domains

SANTA CLARA, Calif., Aug. 04, 2025 (GLOBE NEWSWIRE) — Infoblox, a leader in cloud networking and security services, today released its 2025 DNS Threat Landscape Report, revealing a dramatic surge in DNS-based cyberthreats and the growing sophistication of adversaries leveraging AI-enabled deepfakes, malicious adtech and evasive domain tactics. Based on pre-attack telemetry and real-time analysis of DNS queries from thousands of customer environments—with over 70 billion DNS queries per day—the report offers a comprehensive view into how threat actors exploit DNS to deceive users, evade detection and hijack trust.

'This year's findings highlight the many ways in which threat actors are taking advantage of DNS to operate their campaigns, both in terms of registering large volumes of domain names and also leveraging DNS misconfigurations to hijack existing domains and impersonate major brands,' said Dr. Renée Burton, head of Infoblox Threat Intel. 'The report exposes the widespread use of traffic distribution systems (TDS) to help disguise these crimes, among other trends security teams must look out for to stay ahead of attackers.'

Since its inception, Infoblox Threat Intel has identified a total of over 660 unique threat actors and more than 204,000 suspicious domain clusters, meaning a group of domains believed to be registered by the same actor.
Over the past 12 months, Infoblox researchers have published research covering 10 new actors. They have uncovered the breadth and depth of malicious adtech, which disguises threats from users through TDS, driving industry thought leadership in this topic. This report brings together findings from the past 12 months to illuminate attack trends, equipping security teams with critical knowledge to keep their edge over bad actors. Particularly, the report sheds light on adtech's role in these attacks.

Top Findings

- Of the 100.8 million newly observed domains in the past year, 25.1 percent were classified as malicious or suspicious.
- 95 percent of threat-related domains were observed in only one customer environment, underscoring the challenges to the security industry to detect and stop threats.
- 82 percent of customer environments queried domains associated with malicious adtech, which rotate a massive number of domains to evade security tools and serve malicious content.
- Nearly 500k traffic distribution system (TDS) domains were seen in the last 12 months within Infoblox networks.
- Daily detection of DNS Tunneling, exfiltration, and command and control, including Cobalt Strike, Sliver, and custom tools, which require ML algorithms to detect.

Uptick in Newly Observed Domains

Infoblox Threat Intel identified 100.8 million newly observed domains, with over 25 percent classified as malicious or suspicious. Over the year, threat actors continuously registered, activated and deployed new domains, often in very large sets through automated registration processes. By increasing their number of domains, threat actors can bypass traditional forensic-based defenses, which are built on a 'patient zero' approach to security.
This reactive approach relies on detecting and analyzing threats after they have already been used somewhere else in the world. As attackers leverage increasing levels of new infrastructure, this approach becomes ineffective, leaving organizations vulnerable.

Actors are using these domains for an array of malicious purposes, from creating phishing pages to deploying malware through drive-by downloads, to engaging in fraudulent activities and scams, such as fake cryptocurrency investment sites.

The Need for Preemptive Security

These findings underscore a pressing need for organizations to be proactive in the face of AI-equipped attackers. Investing in preemptive security can be the deciding factor in successfully thwarting threat actors. Using predictive threat intelligence, Infoblox's protective DNS solution blocked 82 percent of threat-related queries before their initial impact. Proactive protection, paired with consistent radar on emerging threats, tips the scales in favor of security teams—allowing them to pull ahead of attackers and interrupt their unlimited supply of domains.

Access the full Infoblox DNS Threat Landscape Report 2025.

For Threat Researchers:
For Security Teams:

About Infoblox

Infoblox unites networking, security and cloud to form a platform for operations that's as resilient as it is agile. Trusted by 13,000+ customers, including 92 of the Fortune 100, we seamlessly integrate, secure and automate critical network services so businesses can move fast without compromise. Visit , or follow us on LinkedIn.

Media Contact: Ariel Roop, Head of Global Communications, pr@

A photo accompanying this announcement is available at


Toronto Star
7 days ago
- Business
- Toronto Star
Infoblox Unveils 2025 DNS Threat Landscape Report, Revealing Surge in AI-driven Threats and Malicious Adtech
Of the 100.8 million newly observed domains, 25.1 percent were classified as malicious or suspicious
82 percent of environments contacted malicious adtech domains

SANTA CLARA, Calif., Aug. 04, 2025 (GLOBE NEWSWIRE) — Infoblox, a leader in cloud networking and security services, today released its 2025 DNS Threat Landscape Report, revealing a dramatic surge in DNS-based cyberthreats and the growing sophistication of adversaries leveraging AI-enabled deepfakes, malicious adtech and evasive domain tactics.