Infoblox unveils surge in DNS-based cyberthreats and AI-enabled evasion tactics

Infoblox's latest report details a rise in DNS-based cyberthreats, highlighting sophisticated AI-enabled attacks that exploit vulnerabilities to deceive users and evade detection.

Infoblox, a prominent name in cloud networking and security services, has published its highly anticipated 2025 DNS Threat Landscape Report. This comprehensive study reveals a notable increase in DNS-based cyberthreats, showcasing the advanced techniques adversaries are employing. Threat actors now leverage AI-enabled deepfakes, malicious adtech, and sophisticated domain tactics to exploit vulnerabilities.

Derived from pre-attack telemetry and real-time analyses of DNS queries gathered from thousands of customer environments—an impressive feat considering the 70 billion DNS queries reviewed daily—the report offers invaluable insights. These findings illustrate how cybercriminals manipulate DNS to deceive users, escape detection, and hijack trust.

"This year's findings highlight the many ways in which threat actors are taking advantage of DNS to operate their campaigns, both in terms of registering large volumes of domain names and also leveraging DNS misconfigurations to hijack existing domains and impersonate major brands," said Dr. Renée Burton, head of Infoblox Threat Intel. "The report exposes the widespread use of traffic distribution systems (TDS) to help disguise these crimes, among other trends security teams must look out for to stay ahead of attackers."

Since its inception, Infoblox Threat Intel has identified over 660 unique threat actors and detected more than 204,000 suspicious domain clusters. Over the past year, their research has focused on uncovering deceptive malintent, particularly through the lens of malicious adtech. This aggressive form of adtech employs traffic distribution systems (TDS) to obscure threats.

Top Findings

  • 100.8 million newly observed domains surfaced in the past year, with 25.1 percent deemed malicious or suspicious.
  • 95 percent of threat-linked domains appeared in only one customer environment, highlighting detection challenges.
  • 82 percent of customer environments confronted domains linked with malicious adtech that skilfully evades conventional security tools.
  • The last 12 months saw nearly 500,000 TDS domains identified within Infoblox networks.
  • DNS tunnelling and command-and-control tactics are detected daily, with solutions requiring advanced ML algorithms.

As highlighted in the report, there is a notable rise in newly observed domains, exceeding 100.8 million, of which more than a quarter were classified as malicious. This activity is a significant concern: attackers continually register and activate new domains, challenging traditional security solutions that are built on a 'patient-zero' approach to security. This approach is reactive, only detecting and analysing threats after they have been used elsewhere.

Against the backdrop of such dynamic threats, organisations must prioritise pre-emptive security strategies. The report emphasises a shift from reactive to proactive threat management. Infoblox's protective DNS solutions are leading this shift, successfully blocking a significant proportion of threat-related queries before they can cause harm.

The key takeaway echoes the urgency for enterprises to commit to early detection and robust threat intelligence to keep adversaries at bay, ensuring a secure digital ecosystem.
