Technologies
Services
Business
Devices
At the scale of the Internet, threats are relentless. Domain Name System (DNS) technology is over 40 years old, but it remains just as relevant today—if not more so—to help organizations stay secure from malicious threats. What most people don’t know is that more than 70% of attacks involve the DNS layer. Every malicious request blocked represents a real attack prevented, real harm avoided, and real people protected. This underscores the power of protective DNS; while it may not be the only tool in your security arsenal, it is one of the essentials.
To better understand the threat activity we see in the DNS world, we analyzed network traffic from the past year and uncovered some overarching trends. Let’s dive into the data to find out what’s happening and what to do about it.
Analysis of last year’s network traffic found that one in 174 requests was malicious, up from one in 1,000 in 2023. What does this mean? A malicious DNS request is a query made to a DNS server by a person or a system they set up that intends harm. This could be the exfiltration of data, the delivery of malware or the enablement of command-and-control operations, phishing or other cyberattacks.
Put another way, our findings showed that if the average person makes 5,000 DNS requests per day, a typicaluser could encounter as many as29 threat queries in a single day.
This is important to consider because DNS is the foundation of the internet; it enables your business by connecting employees to your systems so they can do their work. It connects customers to your website and enables partners to access your services. Your whole business might go offline without DNS. Moreover, if your DNS isn’t secure, all the connectivity it affords could become an entry point for malicious actors.
In other words, your business could be on the line; a successful attack via DNS could lead to operational disruption, financial loss and reputational damage. You must regard DNS security with the same level of protective strategy that you apply to other aspects of your enterprise.
As AI use has risen, so have scams using or exploiting AI. Throughout the year, we consistently saw new domains using variants of the terms “machine learning” and “artificial intelligence” attached to a number of cheaper top-level domains (TLDs) like .today, .life, .shop, .site, .zone or .fyi. It’s evident from the keywords used in these domains – “courses,” “online courses for,” “degrees” and “courses online” – that they were likely created to take advantage of increased interest in AI.
Still other websites were created to resemble AI compliance software or AI tool lists. Since threat actors set up these domains for a brief time, most of them aren’t active anymore or were removed by the registrar. Though these scams tend to be short-lived, they can still cause significant damage within the timeframe they are active.
The five countries with the highest percentage of malicious requests on our network are Germany (1.14%), Czech Republic (0.89%), Italy (0.79%), Switzerland (0.78%) and Poland (0.67%). Why? One likely factor is that they host many Content Delivery Networks (CDNs) or data centers, which criminals sometimes use to host their malicious domains. Switzerland and Germany, in particular, have a reputation for advanced infrastructure and robust data privacy regulations, which can attract both law-abiding organizations and cybercriminals alike.
Just .47% of all requests trafficked through our U.S. servers turned out to be threats. Yet that threat traffic percentage spiked from July to September. This was the period leading up to the 2024 elections and, if looked at by itself, it would have ranked the U.S. in seventh place for the percentage of malicious requests. And across all nations on our network, the average of threat query traffic was 0.41%, meaning the U.S. was at greater risk of threats than our network’s average.
Remaining competitive and safeguarding your reputation entails keeping your digital services reliable and secure at every touchpoint. Take these three steps to secure your DNS:
DNS is sometimes an overlooked element of security architecture, but it offers essential visibility into a company’s threat landscape. Using DNS data in your security strategy uncovers user activity patterns, makes insights available for Root Cause Analysis (RCA), and highlights network trends that you need to act on.
Protective DNS isn’t the only thing you need, but it is one of the foundational elements and it must be one of the first things considered in your security portfolio. Not only can it help protect your workforce, but it can also protect your workplace – in a cost-effective manner. As evolving threats and shadow IT complicate cybersecurity, protective DNS is key for helping secure your company’s digital future.
The views expressed in this article belong solely to the author and do not represent The Fast Mode. While information provided in this post is obtained from sources believed by The Fast Mode to be reliable, The Fast Mode is not liable for any losses or damages arising from any information limitations, changes, inaccuracies, misrepresentations, omissions or errors contained therein. The heading is for ease of reference and shall not be deemed to influence the information presented.
TK Keanini is the Chief Technology Officer at DNSFilter where he leads product management, customer experience, engineering, and security intelligence toward ongoing innovation and growth, focusing on customer needs and feedback to determine product direction.
PREVIOUS POST
NEWSLETTER
Get updates and alerts
delivered to your inbox
NEWSLETTER
Get updates and alerts
delivered to your inbox
COPYRIGHT © 2013 – 2025 THE FAST MODE
About The Author
More Stories
Anatomy of a Scam
Climate and Environmental Sustainability Within the IETF and IRTF
From Commitments to Practice: Internet Society’s Priorities for WSIS+20 Implementation