Posted by: RAH Infotech | March 29, 2016

More Than 90 Percent of Newly Observed Malicious Domains Worldwide Hosted in the U.S. and Germany, According to the Infoblox DNS Threat Index

Creation of malicious DNS infrastructure rebounds to near record levels in the fourth quarter of 2015

Infoblox Inc., the network control company, announced that the Infoblox DNS Threat Index, which measures the creation of malicious Domain Name System (DNS) infrastructure, unexpectedly rebounded to near record levels in the fourth quarter of 2015. Infoblox researchers also found that 92 percent of newly observed malicious domains in Q4 were hosted in either the United States or Germany.

After dipping in Q3 2015, the Infoblox DNS Threat Index in Q4 2015 increased to 128—near the record high of 133 established in Q2 2015. This is a rise of 49 percent from Q4 2014, and an increase of five percent from the previous quarter, meaning the number of malicious domains is increasing from quarter to quarter and year to year.

The results break with previous cycles where record high threat levels (indicating the “planting” of malicious new infrastructure) were followed by several quarters of relative quiet as cybercriminals used that infrastructure to harvest data and harm victims. This also means the threat index for all of 2015 has been well above its historical average, meaning that organizations of all sizes and types continue to face unrelenting attacks.

The Infoblox DNS Threat Index tracks the creation of malicious DNS infrastructure, through both registration of new domains and hijacking of previously legitimate domains or hosts. The baseline for the index is 100, which is the average for creation of DNS-based threat infrastructure during the eight quarters of 2013 and 2014.

DNS is the address book of the Internet, translating domain names such as www.google.com into machine-readable Internet Protocol (IP) addresses such as 74.125.20.106. Because DNS is required for almost all Internet connections, cybercriminals are constantly creating new domains and subdomains to unleash a variety of threats including exploit kits, phishing, and distributed denial of service (DDoS) attacks.

Old Exploit Kit Re-emerges

Exploit kits are a particularly alarming category of malware because they represent the automation of cybercrime. A small number of highly skilled hackers can create the kits, which are packages for delivering a malware payload, and then sell or rent these toolkits to ordinary criminals with little technical experience. This can vastly increase the ranks of malicious attackers capable of going after individuals, businesses, schools, and government agencies.

While Angler continues to lead DNS exploit kit activity, RIG—an older kit that has been far back in the pack in usage during previous quarters—surged into second place. Infoblox analysis of RIG activity in 2015 shows that it began using domain shadowing techniques similar to those pioneered by Angler to defeat reputation-based blocking strategies. This indicates that as exploit kits are updated in coming years, there may be a reappearance of past threats in a new guise or location.

For details on methodology and to read the full Infoblox DNS Threat Index report for the fourth quarter of 2015, go to www.infoblox.com/dns-threat-index.
