Cisco’s DNS analysis reveals shifting patterns in cyber threats

Cisco’s latest cyber threat report has shed light on the evolving landscape of digital threats, with researchers analysing DNS data to uncover trends in cybercriminal activity.

The networking giant’s “Cyber Threat Trends Report: From Trojan Takeovers to Ransomware Roulette” examines the world of malicious domains, revealing that over a million need blocking every hour. This staggering figure underscores the ongoing challenges faced by cybersecurity professionals.

By analysing eight months of data from August 2023 to March 2024, Cisco’s researchers have mapped out the fluctuations of various cyber threats. The results illustrate a threat landscape that’s in constant flux.

Information stealers topped the list of malware categories, generating significant DNS traffic due to their data exfiltration activities. The researchers noted a pattern of three months of above-average activity followed by a month of relative quiet, suggesting periodic processing of stolen data by attackers.

Perhaps the most intriguing finding was the contrasting trends between Trojans and ransomware. Trojan activity started strong but decreased over time, while ransomware began with lower activity levels but spiked well above average from January onwards.

This inverse relationship might be explained by the sequential nature of these threats. As one Cisco researcher noted, “In many cases threat actors will utilise Trojans to infiltrate and take over a network, and then once they’ve gained sufficient control, deploy ransomware.” This suggests a tactical shift in how cybercriminals are orchestrating their attacks.

In response to these evolving threats, Cisco advises organisations to focus on three key areas: leveraging DNS security, protecting endpoints, and implementing a comprehensive security defence strategy. The report emphasises the importance of visibility in cybersecurity, with one Cisco spokesperson stating, “You can’t protect what you can’t see.”

The findings serve as a reminder that the cybersecurity landscape is dynamic, with threats constantly evolving. Today’s prominent cyber threat may become less significant tomorrow, only to be replaced by a new or resurgent threat.

For those interested in delving deeper into these issues, Cisco is offering a live demo of its Umbrella service on August 21, promising to demonstrate how to “streamline cloud security and embrace an SSE or SASE architecture”.

Cisco’s report provides valuable insights into the current state of cyber threats. It underscores the need for continuous monitoring and adaptation in cybersecurity strategies to keep pace with the ever-changing tactics of cyber attackers.
