Infoblox unveils surge in DNS-based cyberthreats and AI-enabled evasion tactics

Infoblox's latest report details a rise in DNS-based cyberthreats, highlighting sophisticated AI-enabled attacks that exploit vulnerabilities to deceive users and evade detection.

Infoblox, a prominent name in cloud networking and security services, has published its highly anticipated 2025 DNS Threat Landscape Report. This comprehensive study reveals a notable increase in DNS-based cyberthreats, showcasing the advanced techniques adversaries are employing. Threat actors now leverage AI-enabled deepfakes, malicious adtech, and sophisticated domain tactics to exploit vulnerabilities.

Derived from pre-attack telemetry and real-time analyses of DNS queries gathered from thousands of customer environments—an impressive feat considering the 70 billion DNS queries reviewed daily—the report offers invaluable insights. These findings illustrate how cybercriminals manipulate DNS to deceive users, escape detection, and hijack trust.

"This year's findings highlight the many ways in which threat actors are taking advantage of DNS to operate their campaigns, both in terms of registering large volumes of domain names and also leveraging DNS misconfigurations to hijack existing domains and impersonate major brands," said Dr. Renée Burton, head of Infoblox Threat Intel. "The report exposes the widespread use of traffic distribution systems (TDS) to help disguise these crimes, among other trends security teams must look out for to stay ahead of attackers."

Since its inception, Infoblox Threat Intel has identified over 660 unique threat actors and detected more than 204,000 suspicious domain clusters. Over the past year, its research has focused on uncovering deceptive malicious intent, particularly through the lens of malicious adtech. This aggressive form of adtech employs traffic distribution systems (TDS) to obscure threats.

Top Findings

  • 100.8 million newly observed domains surfaced in the past year, with 25.1 percent deemed malicious or suspicious.
  • 95 percent of threat-linked domains appeared in only one customer environment, highlighting detection challenges.
  • 82 percent of customer environments confronted domains linked with malicious adtech that skilfully evades conventional security tools.
  • The last 12 months saw nearly 500,000 TDS domains identified within Infoblox networks.
  • DNS tunnelling and command-and-control tactics are detected daily, with solutions requiring advanced ML algorithms.

As highlighted in the report, there is a notable rise in newly observed domains, exceeding 100.8 million, of which more than a quarter were classified as malicious. This activity is a significant concern because attackers continually register and activate new domains, challenging traditional security solutions that are built on a 'patient-zero' approach to security. This approach is reactive, only detecting and analysing threats after they have been used elsewhere.

Against the backdrop of such dynamic threats, organisations must prioritise pre-emptive security strategies. The report emphasises a shift from reactive to proactive threat management. Infoblox's protective DNS solutions are leading this shift, successfully blocking a significant proportion of threat-related queries before they can cause harm.

The key takeaway echoes the urgency for enterprises to commit to early detection and robust threat intelligence to keep adversaries at bay, ensuring a secure digital ecosystem.