Ninety-two percent of newly observed malicious domains in Q4 2015 were hosted in either the United States or Germany, according to new research from Infoblox.
The network control company's DNS Threat Index, which measures creation of malicious DNS infrastructure worldwide, rose 49 percent in Q4 2015 compared to Q4 2014, and increased 5 percent over the previous quarter.
While much cybercrime originates from hotspots in Eastern Europe, Southeast Asia and Africa, this analysis shows the underlying infrastructure used to launch the attacks themselves sits elsewhere—in the backyard of the world’s top economies.
"Our findings may indicate we're entering a new phase of sustained and simultaneous plant/harvest activity," said Rod Rasmussen, vice president of cybersecurity at Infoblox. "As we see this escalation of efforts by cybercriminals, it is essential we go after the infrastructure that cybercriminals are using to host these domains. So, for the first time, we are using the index to highlight the countries with the most hosting locations for bad domains."
The Infoblox DNS Threat Index tracks the creation of malicious DNS infrastructure through both the registration of new domains and the hijacking of previously legitimate domains or hosts. The baseline for the index is 100, which is the average for creation of DNS-based threat infrastructure during the eight quarters of 2013 and 2014.