DNS-sourced threats are evolving with new evasion and stealth techniques that bypass security controls.
In 2024, Infoblox added 20 million new indicators and provided an average of 63 days of protection before a malicious domain was actively used.
Adversaries use Registered Domain Generation Algorithms (RDGAs) to create numerous domain names; this was the top technique seen in 2024.
Lookalike domain names were discovered during key events like the Olympics and elections in 2024.
Traffic Distribution Systems (TDSs) allow actors to target specific audiences, making them the second most important technique seen.
Actors are exploiting the effectiveness of sitting duck attacks, which involve hijacking domains for their positive reputation.
Malicious actors are using DNS tunneling to bypass firewalls and exfiltrate data, and most of them remain undetected.
The Muddling Meerkat actor may be linked to a nation-state nexus that probes DNS networks through open resolvers.
Malicious usage of DNS remains underreported in the security industry, and organizations should include protection against the malicious usage of domains as part of the enterprise defense-in-depth strategy.
Infoblox enables security teams to block over 75% of malicious domains before victim interaction.