SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers

AI-driven DNS threats & malicious adtech surge worldwide

Tue, 5th Aug 2025

Infoblox has published its 2025 DNS Threat Landscape Report, revealing increases in artificial intelligence-driven threats and widespread malicious adtech activity impacting organisations worldwide.

DNS exploits rising

The report draws on real-time analysis of more than 70 billion daily DNS queries across thousands of customer environments, providing data on how adversaries exploit DNS infrastructure to deceive users, evade detection, and undermine brand trust. Infoblox Threat Intel has identified over 660 unique threat actors and more than 204,000 suspicious domain clusters to date, with 10 new actors highlighted in the past year alone.

The findings detail how malicious actors are registering unprecedented numbers of domains, using automation to enable large-scale campaigns and circumvent traditional cyber defences. In the past 12 months, 100.8 million newly observed domains were identified, with 25.1% classed as malicious or suspicious by researchers. According to Infoblox, the vast majority of these threat-related domains (95%) were unique to a single customer environment, increasing difficulty for the wider industry to detect and stop these threats.

Malicious adtech and evasive tactics

The analysis highlights the growing influence of malicious adtech, with 82% of customer environments reportedly querying domains associated with blacklisted advertising services. Malicious adtech schemes frequently rely on traffic distribution systems (TDS) to serve harmful content and mask the true nature of destination sites. Nearly 500,000 TDS domains were recorded within Infoblox networks over the year.

Attackers are also harnessing DNS misconfigurations and deploying advanced techniques such as AI-enabled deepfakes and high-speed domain rotation. These tactics allow adversaries to hijack existing domains or impersonate prominent brands for phishing, malware delivery, drive-by downloads, or scams such as fraudulent cryptocurrency investment schemes. TDS enables threats to be redirected or disguised rapidly, hindering detection and response efforts.

"This year's findings highlight the many ways in which threat actors are taking advantage of DNS to operate their campaigns, both in terms of registering large volumes of domain names and also leveraging DNS misconfigurations to hijack existing domains and impersonate major brands. The report exposes the widespread use of traffic distribution systems (TDS) to help disguise these crimes, among other trends security teams must look out for to stay ahead of attackers," said Dr. Renée Burton, head of Infoblox Threat Intel.

Infoblox notes that traditional forensic-based, post-incident detection - also termed a "patient zero" approach - has proven less effective as attackers increase their use of new infrastructures and frequently rotate domains. As threats emerge and evolve at pace, reactive techniques may leave organisations exposed before threats are fully understood or shared across the security industry.

AI, tunnelling and the threat intelligence gap

DNS is also being leveraged for tunnelling, data exfiltration, and command-and-control activity. The report documents daily detections of activity involving tools such as Cobalt Strike, Sliver, and custom-built malware; because of the obfuscation these tools apply to their DNS traffic, identifying them typically requires machine learning algorithms rather than simple signature matching.
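The tunnelling and exfiltration pattern the report refers to shows up in resolver logs as a stream of long, never-repeated, high-entropy subdomains under one base domain. The following is an added example of a simple per-domain triage heuristic over such logs; it is not code from Infoblox or from this article. The four-column log format, the thresholds, the crude "last two labels" base-domain rule and the sample lines are all constructed assumptions for illustration.

```python
"""Heuristic triage of DNS query logs for tunnelling / exfiltration patterns.

Added example (not Infoblox's or SecurityBrief's code). The log format,
thresholds and sample lines are constructed assumptions; real resolver logs
and production tuning will differ.
"""
import math
from collections import defaultdict

# Constructed sample log lines: "<epoch> <client_ip> <qtype> <qname>".
# The exfil-test.example queries imitate hex-encoded data chunks in labels.
SAMPLE_LOG = """\
1722816001 10.0.0.5 A www.example.com
1722816002 10.0.0.5 A cdn.example.net
1722816003 10.0.0.7 TXT 4a6f686e20446f65.e4b5a1c9f07d.exfil-test.example
1722816004 10.0.0.7 TXT 53656372657420.9f1e2d3c4b5a.exfil-test.example
1722816005 10.0.0.7 TXT 646174612068657265.0a1b2c3d4e5f.exfil-test.example
1722816006 10.0.0.7 TXT 7a7a7a7a7a7a.ffeeddccbbaa.exfil-test.example
1722816007 10.0.0.7 TXT 1122334455.a0b1c2d3e4f5.exfil-test.example
1722816008 10.0.0.5 A mail.example.com
"""


def shannon_entropy(text: str) -> float:
    """Bits per character; encoded/random labels score higher than words."""
    if not text:
        return 0.0
    counts = defaultdict(int)
    for ch in text:
        counts[ch] += 1
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def registered_domain(qname: str) -> str:
    """Crude base-domain rule: last two labels (assumption for the example;
    production code should use the public suffix list to handle e.g. co.nz)."""
    labels = qname.rstrip(".").lower().split(".")
    return ".".join(labels[-2:])


def parse_log(log_text: str):
    """Yield (client, qtype, qname) tuples from the constructed log format."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines rather than abort the run
        _ts, client, qtype, qname = parts
        yield client, qtype.upper(), qname.lower()


def profile_domains(log_text: str) -> dict:
    """Aggregate per-base-domain features that distinguish tunnelling traffic."""
    profiles = defaultdict(lambda: {"queries": 0, "subdomains": set(),
                                    "sub_len": 0, "entropy": 0.0, "txt": 0})
    for _client, qtype, qname in parse_log(log_text):
        base = registered_domain(qname)
        sub = qname[:-len(base)].rstrip(".") if qname != base else ""
        p = profiles[base]
        p["queries"] += 1
        p["subdomains"].add(sub)
        p["sub_len"] += len(sub)
        p["entropy"] += shannon_entropy(sub.replace(".", ""))
        if qtype == "TXT":
            p["txt"] += 1
    return profiles


def flag_tunnelling(log_text: str, min_queries: int = 5,
                    min_avg_len: float = 20.0, min_entropy: float = 3.0):
    """Return (base_domain, features) for domains matching >= 2 of 3 signals."""
    flagged = []
    for base, p in profile_domains(log_text).items():
        n = p["queries"]
        avg_len = p["sub_len"] / n
        avg_entropy = p["entropy"] / n
        distinct_ratio = len(p["subdomains"]) / n
        signals = [
            n >= min_queries and distinct_ratio >= 0.9,  # names never repeat
            avg_len >= min_avg_len,                       # long encoded labels
            avg_entropy >= min_entropy,                   # random-looking labels
        ]
        if sum(signals) >= 2:
            flagged.append((base, {"queries": n,
                                   "avg_len": round(avg_len, 1),
                                   "avg_entropy": round(avg_entropy, 2),
                                   "txt_ratio": round(p["txt"] / n, 2)}))
    return sorted(flagged)


if __name__ == "__main__":
    for base, features in flag_tunnelling(SAMPLE_LOG):
        print(base, features)
```

Each signal on its own is noisy (CDNs and telemetry services also generate long, unique subdomains), which is why the example requires two of the three and reports the feature values rather than a bare verdict; an analyst or a downstream model, as the report describes, still has to confirm the hit.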

Infoblox Threat Intel's research suggests that domain clusters - groups of interrelated domains operated by the same actor - are a significant trend. During the past year, security teams uncovered new actors and observed the continued growth of domain sets used for malicious activities.
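Domain clusters of the kind described above are typically built by pivoting on shared infrastructure: domains that resolve to the same address or sit on the same nameserver are linked, and the connected components are the clusters. The following is an added example of that pivot with a union-find, not code from Infoblox or this article; the record layout, the `.example`/`.test` domains, the RFC 5737 addresses and the `max_fanout` cut-off are constructed assumptions.

```python
"""Cluster domains by shared infrastructure attributes (nameserver, IP).

Added example (not Infoblox's or SecurityBrief's code). Records, attribute
names and the fan-out cut-off are constructed assumptions for illustration.
"""
from collections import defaultdict

# Constructed records: one row per domain with the attributes to pivot on.
RECORDS = [
    {"domain": "login-brand-secure.example", "ns": "ns1.bulkhost.test", "ip": "203.0.113.10"},
    {"domain": "brand-verify-account.example", "ns": "ns1.bulkhost.test", "ip": "203.0.113.11"},
    {"domain": "update-brand-wallet.example", "ns": "ns2.bulkhost.test", "ip": "203.0.113.11"},
    {"domain": "news.example", "ns": "ns1.legit.test", "ip": "198.51.100.5"},
    {"domain": "shop.example", "ns": "ns1.legit.test", "ip": "198.51.100.6"},
    {"domain": "blog.example", "ns": "ns1.legit.test", "ip": "198.51.100.7"},
]

PIVOT_KEYS = ("ns", "ip")


def build_clusters(records, max_fanout: int = 2):
    """Return clusters (lists of domains, size >= 2) linked by shared attributes.

    An attribute shared by more than max_fanout domains is treated as a weak
    pivot (shared hosting, registrar default nameservers) and is not used to
    link domains, so popular infrastructure does not merge unrelated sites.
    """
    attr_domains = defaultdict(set)
    for r in records:
        for key in PIVOT_KEYS:
            attr_domains[(key, r[key])].add(r["domain"])

    parent = {r["domain"]: r["domain"] for r in records}

    def find(x):
        while parent[x] != x:
            parent[x] = parent[parent[x]]  # path halving
            x = parent[x]
        return x

    def union(a, b):
        ra, rb = find(a), find(b)
        if ra != rb:
            parent[rb] = ra

    for doms in attr_domains.values():
        if len(doms) < 2 or len(doms) > max_fanout:
            continue
        doms = sorted(doms)
        for d in doms[1:]:
            union(doms[0], d)

    groups = defaultdict(set)
    for d in parent:
        groups[find(d)].add(d)
    clusters = [sorted(g) for g in groups.values() if len(g) > 1]
    return sorted(clusters, key=lambda g: (-len(g), g))


if __name__ == "__main__":
    for cluster in build_clusters(RECORDS):
        print(len(cluster), cluster)
```

With the default cut-off the three brand-impersonation lookalikes form one cluster (two share a nameserver, two share an address) while the three legitimate sites stay unlinked because their common nameserver exceeds the fan-out limit; raising `max_fanout` to 3 links them too, which is the false-positive mode the cut-off exists to avoid. Cluster membership is a lead for further analysis, not a verdict on any single domain.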

Proactive security recommended

The report advocates a shift towards preemptive protection and predictive threat intelligence, emphasising the limitations of relying solely on detection after the fact. The data indicates that in environments using Infoblox's protective DNS solution, 82% of threat-related queries were blocked before they could have a harmful impact, suggesting that proactive monitoring and early intervention can help counter adversarial tactics.

Infoblox researchers argue that combining protective solutions with continuous monitoring of emerging threats is essential to providing security teams the necessary resources and intelligence to disrupt malicious campaigns before significant damage occurs.

The report brings together research insights from the past twelve months to map out attack patterns and equip organisations with up-to-date knowledge on DNS-based threats, with a particular focus on the evolving role of harmful adtech in the modern threat landscape.
