Adversarial DNS methods on the rise
The need for secure DNS transactions is highlighted in Infoblox’s 2025 DNS Threat Landscape Report, released this week, which identified 100.8 million newly observed domains, with over 25% categorised as malicious or suspicious.
Over the previous 12 months, threat actors repeatedly registered, activated and deployed new domains, usually in very large sets through automated registration processes. By increasing their number of domains, threat actors can bypass traditional forensic-based defenses, which are built on a “patient zero” approach to security, wrote Dr. Renée Burton, head of Infoblox Threat Intel, in the report.
“This reactive strategy depends on detecting and analyzing threats after they’ve already been used somewhere else in the world. As attackers leverage increasing levels of new infrastructure, this strategy becomes ineffective, leaving organizations vulnerable. Every digital interaction begins with a DNS request, making it a high-fidelity source of telemetry for network operations by providing in-depth visibility into which digital assets are initiating connections over the internet,” Burton wrote.
Consequently, analyzing DNS traffic and domain usage is foundational for security analysts. “DNS data can be reshaped into predictive threat intelligence by holistically collecting pre-attack telemetry, enriching the data, analyzing it against baselines, and executing deep threat hunts. These insights offer defenders a complete view of adversarial infrastructures, targeted victims, and tactics—before the attacker strikes,” Burton wrote.
