What’s Your Policy on Cybersecurity Awareness? What DNS Data Reveals
by Serena Raymond on Oct 10, 2024 4:14:25 PM
As another Cybersecurity Awareness month rolls around, we’re reminded of all the usual tips:
- Don’t use repeated passwords—even better, use a password manager
- Verify who you’re talking to before you hand over credentials, private information, or money
- Think twice before you click
That last point is easy in theory, but harder in practice even for cybersecurity professionals. After all, the reality of multi-tasking and urgency can lead to someone making a big mistake even if they know better. Unfortunately, convenience and the drive to be productive often get in the way of good cybersecurity hygiene.
To help put into perspective why that last point—think twice before you click—is so important, and what you can do about it, we’ve looked at data on the DNSFilter network to contextualize the risky behavior that every organization needs to deal with.
Are Threats Increasing?
In the third quarter of 2024, 3.6% of the unique domains our users attempted to access were categorized as threats, up significantly from just 1.6% over the same time period in 2023. Meanwhile, over that same time period, the share of queries going to malicious domains has remained relatively steady, moving slightly down from 0.14% to 0.13%. It is important to keep in mind that over this time the DNSFilter network has grown substantially, and we are now processing 130 billion queries every single day.
To put this into perspective, that very small percentage of threat queries adds up to over 16.6 billion possible threats between July and September 2024. What these percentage changes tell us is that while traffic has remained steady, percentage-wise, more domains are contributing to the overall malicious behavior on the DNSFilter network.
Malware as the Most Common Threat
Over the past 12 months, when zeroing in on the most destructive threat domains on the DNSFilter network (botnet, cryptomining, malware, and phishing), malware has been the top threat detected on our network, accounting for more than 50% of all threat queries. DNSFilter blocked nearly 2 billion malware-related requests in the past six months alone. These numbers underscore how prevalent malware has become and how crucial it is for businesses to implement proactive defenses.
Yet, the threat landscape is nuanced. While malware is the most significant risk in many industries, our data shows that phishing and deception sites are equally prevalent in the education and technology sectors. Schools, universities, and tech companies face a unique combination of threats, requiring them to take a multifaceted approach to security.
Different industries face distinct challenges. The manufacturing sector is far more likely to encounter malware than phishing according to the data on the DNSFilter network. This may be due to its reliance on legacy systems, which tend to be more vulnerable to exploitation. Meanwhile, the telecommunications industry has seen the highest number of cryptomining requests on the DNSFilter network. Despite being a prime target for cryptojacking, many telecom organizations still lack policies to block cryptomining activity, exposing themselves to avoidable security risks.
Trending Data: Threat Actors Capitalizing on Current Events
It’s crucial to highlight how threat actors exploit significant events to target unsuspecting users. Our analysis from July to September reveals alarming trends in malicious domain activity related to current affairs.
The Paris Olympics: During this period, we observed a notable spike in traffic to possibly malicious domains containing "olympic" in the domain name. The peak occurred on August 1, when queries surged by an astonishing 546% above the average over this time period.
Hurricane Season: Similarly, as the hurricane season ramped up, we detected increased activity in domains featuring the term "hurricane". Note, this traffic was on a smaller scale in comparison to the "Olympic" data.
On September 27, malicious queries surged by 460% over the daily average for domains containing this term. As Hurricane Helene made landfall, new domains with “helene” in the domain name appeared on our network, reaching a peak on October 3 which was 350% higher than the previous average of domains containing that term.
This trend indicates that threat actors are not just preying on our joyous moments but are also seizing opportunities during times of fear and uncertainty. With domain terms that include “cleanup”, “victims”, and “fund”, the line between legitimate sites meant to help and possible threats gets blurred very quickly.
These data points serve as a stark reminder that threat actors thrive on our best intentions and our low moments. Whether it’s a high-profile event like the Olympics or a natural disaster, these occurrences create fertile ground for scams, misinformation, and malicious activity.
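The "percent above the daily average" figures in this section can be reproduced on your own resolver logs. The sketch below is an added example, not DNSFilter's code or methodology: the `<date> <queried name>` log format, the function names, and the sample data are all constructed assumptions. A keyword hit only marks a domain for review; it does not mean the domain is malicious.

```python
from collections import Counter
from datetime import date

def build_sample_log():
    """Constructed sample log: one '<ISO date> <queried name>' per line."""
    hits = {"2024-09-24": 2, "2024-09-25": 1, "2024-09-26": 2, "2024-09-27": 15}
    lines = ["malformed-line-without-a-date"]
    for day, n in hits.items():
        lines.append(f"{day} mail.example.com")  # unrelated traffic
        lines += [f"{day} Hurricane-Relief-Fund.example."] * n
    return "\n".join(lines)

def daily_keyword_counts(log_text, keyword):
    """Count, per day, the queries whose name contains the keyword."""
    counts = Counter()
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 2:
            continue  # skip malformed lines
        day, name = parts
        try:
            date.fromisoformat(day)
        except ValueError:
            continue  # skip lines without a valid date
        counts[day] += 0  # keep days with zero hits in the average
        # DNS names are case-insensitive and may carry a trailing dot
        if keyword.lower() in name.lower().rstrip("."):
            counts[day] += 1
    return dict(counts)

def percent_above_average(counts):
    """Map each day to its percent deviation from the period's daily average."""
    if not counts:
        return {}
    avg = sum(counts.values()) / len(counts)
    if avg == 0:
        return {}  # keyword never seen, nothing to compare
    return {d: round((c - avg) / avg * 100, 1) for d, c in counts.items()}

def spike_days(counts, threshold_pct):
    """Days whose keyword volume exceeds the average by threshold_pct or more."""
    pct = percent_above_average(counts)
    return sorted(d for d, p in pct.items() if p >= threshold_pct)

if __name__ == "__main__":
    counts = daily_keyword_counts(build_sample_log(), "hurricane")
    print(percent_above_average(counts))
    print(spike_days(counts, 100))
```

Days flagged this way are a starting point for reviewing which newly seen domains drove the increase and whether your filtering policy already covers them.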
Actions You Can Take
Be mindful of every click, and put protections in place to protect yourself. With threat actors preying on our vulnerabilities, it’s very easy to click something we really shouldn’t. Make cybersecurity awareness part of the conversations you’re having in your workplace, and don’t keep those conversations to just IT and cybersecurity professionals. Every person has an equal chance of encountering a malicious link, but we can increase the chances of avoiding negative consequences with knowledge and easy-to-use security tools.
Here are a few reminders to help you and your end users navigate Cybersecurity Awareness Month:
- Hover over links before clicking to make sure they match your intended destination
- Always validate the identity of anyone asking for sensitive information through another channel
- Implement robust DNS filtering policies to ensure that one accidental wrong click isn't detrimental
- Update software when you get the alert
- Understand that mistakes happen, and ensure that employees feel empowered (not afraid) to bring up security concerns
For more recommended reading on phishing and typosquatting, check out Fool me once, shame on not using DNS protection by our CTO, TK Keanini.
Get a free trial of DNSFilter and start blocking malicious domains, like the ones highlighted here, today.