DNS is a critical protocol for network functionality, yet it is often inadequately monitored, making it a prime target for cyber attacks.

Attacks leveraging DNS pose significant business risks, including data loss, downtime, and reputational damage, underscoring the urgent need for robust DNS security measures.

Phishing and malware distribution via DNS are on the rise, with attackers using domain generation algorithms (DGAs) to create numerous fake domains, complicating defense strategies.

Attackers are increasingly utilizing trusted protocols like HTTPS and DNS over HTTPS (DoH) to carry out attacks, which complicates detection efforts for enterprises.

The misuse of DoH contributes to the challenge of detecting malicious activities, as encryption can mask harmful traffic from monitoring tools.

Enterprises are advised to review their use of DoH to maintain visibility and control over DNS traffic, including logging DNS activity.

CISOs are urged to treat DNS as a crucial security data source to identify early signs of compromise and implement advanced DNS-layer defenses.

Techniques used in DNS attacks are evolving, with DNS tunneling becoming more prevalent, allowing attackers to transmit data covertly through DNS queries.

The report advocates for enhanced collaboration between network and security teams to improve visibility and response to DNS-related threats.

The 2025 DNS Threat Landscape Report by Infoblox reveals that threat actors are increasingly exploiting DNS for data exfiltration, evasion of defenses, and malware delivery.