Phishing attacks trigger massive surge in DNS threats in Q2

The Infoblox DNS Threat Index published the latest data on malicious activity worldwide that exploits the Domain Name System (DNS).

FP Staff July 28, 2015 13:21:24 IST
The Infoblox DNS Threat Index, measured by Infoblox and Internet Identity (IID), published the latest data on malicious activity worldwide that exploits the Domain Name System (DNS). The index hit a record high of 133 in the second quarter of 2015, up 58 percent from the same quarter in 2014.
The second quarter’s record number was driven by a significant increase in phishing activity. Exploit kit activity was down from the previous quarter, but was still a significant threat and was higher than four of the previous five quarters.

Phishing was the biggest gainer in Q2, up 74 percent, according to the index. Phishing, a time-tested weapon of cybercriminals, involves sending emails that point users to fake web sites—mimicking a bank’s home page, for example, or a company’s employee portal—to collect confidential information such as account names and passwords or credit-card numbers.
The index also saw a growing demand for exploit kits, which are packages of malicious software that are typically hidden on web sites and appear to be innocuous until they download malware when a user visits. Infrastructure for exploit kits accounted for 41 percent of malicious domain creation in the second quarter of 2015.
"Exploit kits have ranged from less than 20 percent to more than 70 percent of the index, and this quarter’s volume was roughly the average across the previous 11 quarters," Infoblox said. "Although far from being the only set of threats within the index, changes in the number of observed new exploit-related domains is highly correlated with a change in the overall index."
Another trend Infoblox and IID found is a phenomenon they are calling “seasons” of cybercrime. The research indicates that there are effectively two seasons that constantly cycle back and forth: planting and harvesting. The planting season is when cybercriminals build infrastructure for malicious attacks. Then attackers begin to harvest their extensive infrastructure, stealing data and generally causing harm to their target victims.
The Infoblox DNS Threat Index has risen consistently for the last three quarters, the company said. "This could indicate cybercriminals are expanding the infrastructure to leverage in targeted attacks for spreading malware and/or exfiltrating data. DNS is critical network infrastructure that can be used as a detection and enforcement point to disrupt communications to these malicious domains."
