Malicious DNS activity on the rise

Infoblox, in its recent Security Assessment Report for the first quarter of 2016, finds that 83% (more than four out of five) of enterprise networks tested by Infoblox show evidence of malicious DNS activity.

In the first quarter of 2016, 519 files capturing DNS traffic were uploaded to Infoblox for assessment, coming from 235 customers across a wide range of industries and geographies. Infoblox found 83% of the files showed evidence of suspicious DNS activity.

“This result is consistent with what security professionals have been saying for some time: Perimeter defense is no longer sufficient, because almost all large enterprise networks have been compromised to a greater or lesser extent,” said Craig Sanderson, senior director of security products at Infoblox. “The new mandate for enterprise security teams is to quickly discover and remediate threats inside the network, before they cause significant damage.”

Among the specific threats found in the files during the first quarter:
• Botnets – 54%
• Protocol anomalies – 54%
• DNS tunneling – 18%
• ZeuS malware – 17%
• Distributed denial of service (DDoS) traffic – 15%
• CryptoLocker ransomware – 13%
• Amplification and reflection traffic – 12%
• Heartbleed – 11%

“The prevalence of these attacks shows the value of DNS in finding threats aimed at disrupting organizations and stealing valuable data, as well as the extent to which organizational infrastructure can be hijacked to mount attacks on third parties,” said Sanderson.
