
“Majority of New Malicious Domains Reside in the U.S. and Germany, Reveals Infoblox DNS Threat Index”

DUBAI, United Arab Emirates, 5th April, 2016: Infoblox Inc., the network control company, today released the Infoblox DNS Threat Index, which tracks the creation of malicious Domain Name System (DNS) infrastructure, and reported that the index unexpectedly rose to near-record levels in the fourth quarter of 2015. Infoblox analysts also found that 92 percent of the newly observed malicious domains in Q4 were hosted in either the United States or Germany.

Following a decline in Q3 2015, the Infoblox DNS Threat Index rose to 128 in Q4 2015, close to the record high of 133 reached in Q2 2015. This is a 49 percent increase over Q4 2014 and a five percent increase over the preceding quarter, indicating that the volume of malicious domains is growing both quarter over quarter and year over year.

The findings break with the earlier pattern, in which record threat levels (the "planting" of new malicious infrastructure) were followed by several quarters of relative calm while cybercriminals used that infrastructure to harvest data and exploit victims. They also mean that the threat index for the whole of 2015 was markedly above its historical average, implying that organizations of every size and type remain under sustained attack.

“Our observations may suggest we’re entering a new epoch of enduring and simultaneous planting/harvesting activity,” declared Rod Rasmussen, vice president of cybersecurity at Infoblox. “As we observe this upsurge in efforts by cybercriminals, it is crucial we target the infrastructure that these perpetrators are utilizing to host these domains. Hence, for the first occasion, we are leveraging the index to underline the nations with the most hosting sites for harmful domains.”

The Infoblox DNS Threat Index tracks the creation of malicious DNS infrastructure, both through the registration of new domains and through the hijacking of previously legitimate domains or hosts. The baseline for the index is 100, the average rate of malicious DNS infrastructure creation over the eight quarters of 2013 and 2014.

DNS is the address book of the Internet, translating domain names such as www.google.com into machine-readable Internet Protocol (IP) addresses such as 74.125.20.106. Because almost every Internet connection begins with a DNS lookup, cybercriminals continually create new domains and subdomains to deliver exploit kits, host phishing scams and stage distributed denial-of-service (DDoS) attacks.

U.S. Dominates as Host for Malicious Infrastructure

Infoblox found that the clear favorite country for hosting and launching attacks from malicious DNS infrastructure in Q4 2015 was the United States, which accounted for 72 percent of newly observed malicious domains. Germany (20 percent) was the only other country to account for more than two percent of the malicious sites observed. Although a great deal of cybercrime originates in hotspots in Eastern Europe, Southeast Asia and Africa, this analysis shows that the infrastructure used to launch the attacks sits elsewhere, in the backyards of the world's leading economies.

It is important to note that the geographic data does not show "where the perpetrators are": an exploit kit or other malware can be written in one country, sold in another and used in a third to launch attacks through systems hosted in a fourth. What the data does show is which countries tend to have insufficient regulation, insufficient enforcement, or both.

“It would be a silver lining if U.S. hosting providers acted swiftly to eliminate harmful content at hazardous domains once they’re recognized, but they generally do not,” remarked Lars Harvey, vice president of security strategy at Infoblox. “The fact remains that many hosting providers can be sluggish in their responses, permitting exploits to proliferate for significantly longer than they should. This should be a pivotal area for enhancement.”

Old Exploit Kit Makes a Comeback

Exploit kits are an especially alarming category of malware because they automate cybercrime. A small number of highly skilled developers build these kits, which package the delivery of a malware payload, and then sell or rent them to ordinary criminals with little technical skill. This greatly increases the number of attackers able to target individuals, businesses, schools and government bodies.

Angler remains the leading exploit kit in the DNS data, but RIG, an older kit whose use had lagged in earlier quarters, surged into second place. Infoblox's analysis of RIG activity in 2015 shows that it began adopting domain shadowing tactics of the kind pioneered by Angler, in which attackers use stolen registrar credentials to create large numbers of throwaway subdomains under legitimate, well-reputed domains, so that blocking keyed on domain reputation never fires. This suggests that as exploit kits are updated in coming years, old threats may reappear in a new guise or context.
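The following is an added example, not Infoblox code or part of the original release. It shows a minimal passive-DNS heuristic for spotting domain shadowing of the kind described above. Because the shadowed subdomains hang off a reputable apex domain, an apex-level reputation check passes them; the heuristic instead looks at each subdomain's own age, whether it resolves to an address the apex itself has never used, and whether its label is random-looking or part of a burst of fresh subdomains sharing one host. The `PdnsRecord` type, the thresholds, and the sample records (RFC 5737 documentation addresses under `example.com`) are all constructed for illustration.

```python
"""Domain-shadowing heuristic over constructed passive-DNS records (added example)."""
from collections import defaultdict
from dataclasses import dataclass
import math


@dataclass(frozen=True)
class PdnsRecord:          # hypothetical record shape, not a real passive-DNS API
    fqdn: str              # fully qualified name, no trailing dot
    rdata: str             # IPv4 address the name resolved to
    first_seen: int        # epoch seconds of the first passive-DNS sighting


def apex_of(fqdn: str) -> str:
    """Naive registrable-domain extraction: the last two labels.
    Production code should use the Public Suffix List (co.uk etc.)."""
    return ".".join(fqdn.lower().rstrip(".").split(".")[-2:])


def leftmost_label(fqdn: str) -> str:
    return fqdn.lower().rstrip(".").split(".")[0]


def label_entropy(label: str) -> float:
    """Shannon entropy in bits per character: 'www' -> 0.0, eight distinct chars -> 3.0."""
    if not label:
        return 0.0
    counts = defaultdict(int)
    for ch in label:
        counts[ch] += 1
    n = len(label)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def shadowing_suspects(records, now, max_age=7 * 86400, min_entropy=2.5, burst=2):
    """Return {fqdn: [reasons]} for subdomains that look shadowed.

    A record is a candidate only if it is a subdomain (not the apex or www),
    was first seen within `max_age` seconds of `now`, and resolves to an
    address the apex itself has never used (its 'home' addresses). A candidate
    is reported when its label is random-looking (entropy >= min_entropy) or
    when at least `burst` fresh candidates under the same apex share its rdata.
    """
    home = defaultdict(set)                      # apex -> addresses apex/www resolve to
    for r in records:
        a = apex_of(r.fqdn)
        if r.fqdn.lower().rstrip(".") in (a, "www." + a):
            home[a].add(r.rdata)

    candidates = []
    for r in records:
        a = apex_of(r.fqdn)
        if r.fqdn.lower().rstrip(".") in (a, "www." + a):
            continue
        if now - r.first_seen > max_age:
            continue                             # established subdomain, not a fresh planting
        if r.rdata in home[a]:
            continue                             # hosted alongside the apex: ordinary new service
        candidates.append(r)

    siblings = defaultdict(int)                  # (apex, rdata) -> fresh off-home subdomains
    for r in candidates:
        siblings[(apex_of(r.fqdn), r.rdata)] += 1

    suspects = {}
    for r in candidates:
        reasons = []
        ent = label_entropy(leftmost_label(r.fqdn))
        if ent >= min_entropy:
            reasons.append(f"random-looking label (entropy {ent:.2f} bits/char)")
        n = siblings[(apex_of(r.fqdn), r.rdata)]
        if n >= burst:
            reasons.append(f"{n} fresh subdomains of {apex_of(r.fqdn)} point at {r.rdata}")
        if reasons:
            suspects[r.fqdn] = reasons
    return suspects


# Constructed sample data (hypothetical sightings; 198.51.100.7 plays the attacker host).
NOW = 1_451_606_400                              # 2016-01-01T00:00:00Z
DAY = 86_400
SAMPLE = [
    PdnsRecord("example.com",          "93.184.216.34", NOW - 900 * DAY),  # apex, long established
    PdnsRecord("www.example.com",      "93.184.216.34", NOW - 900 * DAY),
    PdnsRecord("mail.example.com",     "93.184.216.40", NOW - 700 * DAY),  # old, off-home: legitimate mail host
    PdnsRecord("beta.example.com",     "93.184.216.34", NOW - 2 * DAY),    # new, but hosted with the apex
    PdnsRecord("shop.example.com",     "203.0.113.5",   NOW - 3 * DAY),    # new, off-home, alone and readable
    PdnsRecord("xk7qz2pl.example.com", "198.51.100.7",  NOW - 1 * DAY),    # shadowed: random label, shared host
    PdnsRecord("a9f3kd02.example.com", "198.51.100.7",  NOW - 1 * DAY),    # shadowed
    PdnsRecord("login.example.com",    "198.51.100.7",  NOW - 1 * DAY),    # shadowed: readable label, same burst
]

if __name__ == "__main__":
    for fqdn, why in sorted(shadowing_suspects(SAMPLE, NOW).items()):
        print(fqdn, "->", "; ".join(why))
```

On the sample, the three names pointing at 198.51.100.7 are reported and `shop.example.com`, `beta.example.com` and `mail.example.com` are not. The `login` case is the one worth noting: its label is readable, so the entropy check alone would miss it, but the burst rule catches it because it shares a fresh off-home host with two random-looking siblings. An apex-only blocklist would have passed all three.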
