Malicious domain registration index indicative of international malware activity
Infoblox has launched what it says is the first security report to look specifically at the creation of malicious domains, the Q2 Infoblox DNS Threat Index, a quarterly indicator of malicious activity worldwide exploiting the Domain Name System (DNS), which is available free.
The index baseline of 100 is based on the average of quarterly results for the years 2013 and 2014, and it is now recording highs of 133, up 58 percent from the second quarter of 2014, attributed to a surge in phishing attacks.
Before cyber-criminals can execute an attack they must lay the groundwork, which is why Infoblox says it is measuring the creation of malicious domain infrastructure to better predict the volume and type of attacks being formulated. Phishing involves sending emails that point users to fake web sites—mimicking say a bank's home page, or a company's employee portal—to collect confidential information such as account names and passwords or credit-card numbers.
The report says that another significant contributor to the index's record high is the growing demand for exploit kits hidden on web sites that download malware whenever a user visits—even if the user takes no action.
Rod Rasmussen, chief technology officer at IID, comments: “DNS is critical infrastructure for the Internet that can't be turned off. Through our analysis, it's apparent that cyber-criminals recognise this and see DNS as a vector for penetrating government, corporate, and personal networks.”
Craig Sanderson, senior director of security products at Infoblox adds that: “Organisations can enhance their security by acquiring and understanding DNS threat intelligence data, then using that data to block access to malicious domains.”