Updated Date: Jul 28, 2015 13:21 PM
Phishing attacks trigger massive surge in DNS threats in Q2
The Infoblox DNS Threat Index, measured by Infoblox and Internet Identity (IID), has published its latest data on malicious activity worldwide that exploits the Domain Name System (DNS). The index hit a record high of 133 in the second quarter of 2015, up 58 percent from the same quarter in 2014.
The second quarter’s record number was driven by a significant increase in phishing activity. Exploit kit activity was down from the previous quarter, but was still a significant threat and was higher than four of the previous five quarters.
Phishing was the biggest gainer in Q2, up 74 percent, according to the index. Phishing, a time-tested weapon of cybercriminals, involves sending emails that point users to fake web sites—mimicking a bank’s home page, for example, or a company’s employee portal—to collect confidential information such as account names and passwords or credit-card numbers.
The index also saw a growing demand for exploit kits, which are packages of malicious software that are typically hidden on web sites and appear to be innocuous until they download malware when a user visits. Infrastructure for exploit kits accounted for 41 percent of malicious domain creation in the second quarter of 2015.
"Exploit kits have ranged from less than 20 percent to more than 70 percent of the index, and this quarter’s volume was roughly the average across the previous 11 quarters," Infoblox said. "Although far from being the only set of threats within the index, changes in the number of observed new exploit-related domains is highly correlated with a change in the overall index."
Another trend Infoblox and IID found is a phenomenon they are calling “seasons” of cybercrime. The research indicates that there are effectively two seasons that constantly cycle back and forth: planting and harvesting. The planting season is when cybercriminals build infrastructure for malicious attacks. Then, in the harvesting season, attackers begin to harvest their extensive infrastructure, stealing data and generally causing harm to their victims.
The Infoblox DNS Threat Index has risen consistently for the last three quarters, the company said. "This could indicate cybercriminals are expanding the infrastructure to leverage in targeted attacks for spreading malware and/or exfiltrating data. DNS is critical network infrastructure that can be used as a detection and enforcement point to disrupt communications to these malicious domains."