Infoblox Inc. (NYSE:BLOX), the network control company, released the second quarter 2015 report for the Infoblox DNS Threat Index, powered by IID, the source for clear cyberthreat intelligence. The index hit a record high of 133—up 58 percent from the second quarter of 2014—due to a surge in phishing attacks.
The Infoblox DNS Threat Index, which Infoblox and IID are introducing, is an indicator of malicious activity worldwide exploiting the Domain Name System (DNS).
The single biggest factor driving the second-quarter increase, according to analysis of the data by IID and Infoblox, is the creation of malicious domains for phishing attacks. Phishing, a time-tested weapon of cybercriminals, involves sending emails that point users to fake web sites—mimicking a bank’s home page, for example, or a company’s employee portal—to collect confidential information such as account names and passwords or credit-card numbers.
Another significant contributor to the index’s record high is the growing demand for exploit kits. These packages of malicious software are typically hidden on web sites that appear to be innocuous, but download malware whenever a user visits—even if the user takes no action.
The Infoblox DNS Threat Index, which is the first security report to analyse the creation of malicious domains, has a baseline of 100—the average of quarterly results for the years 2013 and 2014. In the first quarter of 2015, the index stood at 122, and has now jumped an additional 11 points to a record high of 133 in the second quarter.
DNS is the address book of the Internet, translating domain names such as www.google.com into machine-readable Internet Protocol (IP) addresses such as 74.125.20.106. Because DNS is required for almost all Internet connections, cybercriminals are constantly creating new domains to unleash a variety of threats that can leverage DNS, ranging from simple malware to exploit kits, phishing, distributed denial of service (DDoS) attacks, and data exfiltration.
“DNS is critical infrastructure for the Internet that can’t be turned off. Through our analysis, it’s apparent that cybercriminals recognise this and see DNS as a vector for penetrating government, corporate, and personal networks,” said Rod Rasmussen, chief technology officer at IID. “The Infoblox DNS Threat Index, powered by IID, is intended to give insight into the extent to which bad actors are leveraging DNS for illicit activities.”
“DNS sits at the centre of the Internet, connecting people, applications, and devices—making DNS a powerful tool for protecting networks as well as penetrating them,” said Craig Sanderson, senior director of security products at Infoblox. “Organisations can enhance their security by acquiring and understanding DNS threat intelligence data, then using that data to block access to malicious domains.”
The full Infoblox DNS Threat Index report for the second quarter of 2015 is available for free, with no registration required, visit HERE. [su_box title=”About Infoblox” style=”noise” box_color=”#336588″]
Infoblox (NYSE:BLOX) delivers network control solutions, the fundamental technology that connects end users, devices, and networks. These solutions enable more than 8,100 enterprises and service providers to transform, secure, and scale complex networks. Infoblox helps take the burden of complex network control out of human hands, reduce costs, and increase security, accuracy, and uptime. Infoblox (www.infoblox.com) is headquartered in Santa Clara, California, and has operations in over 25 countries.[/su_box]
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.