Infoblox has released its 2025 DNS Threat Landscape report showing a significant increase in AI-driven threats and the use of malicious ad technology in cyber-attacks.
Widespread malicious domains
The report is based on the analysis of over 70 billion DNS queries per day from numerous customer environments, providing an extensive overview of how DNS is exploited for cybercrime. Over the past year, researchers from Infoblox Threat Intel observed 100.8 million newly registered domains, with 25.1 per cent deemed either malicious or suspicious. This demonstrates a continued and growing challenge for security teams in monitoring and mitigating newly emerging threats.
A notable finding is that 95 per cent of threat-related domains were observed in just one customer environment. This underlines the difficulty facing security teams: traditional, forensic-based defences, which respond only after a threat has already been seen, often cannot react swiftly enough to such new, targeted attacks before their impact is felt in individual organisations.
Malicious adtech and distribution systems
The report highlights the significant role of malicious advertising technology in current cyber-attacks. Infoblox states that 82 per cent of customer environments interacted with domains associated with malicious adtech, a method that enables threat actors to randomly rotate vast numbers of domains to evade detection by security systems. Nearly half a million traffic distribution system (TDS) domains were detected in the past 12 months within Infoblox-monitored networks, further demonstrating the scale and sophistication of these strategies.
Infoblox notes that such methods allow attackers to deceive users, employ evasive tactics and impersonate reputable brands. Attackers increasingly register and exploit large volumes of domains using automated processes, bypassing reactive defences and exposing organisations to risks such as phishing, malware dissemination, and fraudulent schemes, including fake cryptocurrency investment sites.
“This year’s findings highlight the many ways in which threat actors are taking advantage of DNS to operate their campaigns, both in terms of registering large volumes of domain names and also leveraging DNS misconfigurations to hijack existing domains and impersonate major brands,” said Dr. Renée Burton, Head of Infoblox Threat Intel. “The report exposes the widespread use of traffic distribution systems (TDS) to help disguise these crimes, among other trends security teams must look out for to stay ahead of attackers.”
Proliferation of threat actors and domain clusters
Since it began tracking, Infoblox Threat Intel has identified over 660 unique threat actors and more than 204,000 suspicious domain clusters, each cluster being a group of domains believed to be controlled by the same adversary. In the last 12 months alone, researchers documented the activities of 10 new actors and described the continued evolution of malicious adtech, particularly how it leverages TDS to obfuscate the true nature of its campaigns.
Machine learning and defence challenges
The research also emphasises the use of machine learning to detect daily instances of DNS tunnelling, data exfiltration, and command and control communications. Infoblox points to specific tools, such as Cobalt Strike and Sliver, which are commonly used by attackers for these purposes. These findings suggest that advanced detection methods are a necessary component of contemporary cybersecurity infrastructure.
Call for proactive security
Given the mounting use of artificial intelligence and automated infrastructures by attackers, Infoblox stresses the importance of preemptive security measures. The report suggests that a shift towards predictive threat intelligence can enable organisations to block threats before they become active. Infoblox states its own protective DNS solution was able to block 82 per cent of threat-related queries in advance of initial impact.
Infoblox advocates for proactive security protocols in addition to continuous monitoring, noting, “Proactive protection, paired with consistent radar on emerging threats, tips the scales in favour of security teams – allowing them to pull ahead of attackers and interrupt their unlimited supply of domains.”
Conclusion of research period
This year’s report brings together the research of the past 12 months to provide actionable insights for security teams. It highlights the increasing complexity of the DNS threat landscape, the significant use of adtech in malicious activities, and the need for preemptive security practices as attackers adopt new technologies and tactics.