Cyber Security Insights for Resilient Digital Defence


ISE 2026 launches inaugural CyberSecurity Summit
Integrated Systems Europe (ISE), a Barcelona-based annual trade show for audiovisual (AV) and systems integration professionals, has announced the launch of the CyberSecurity Summit, a major new addition to its 2026 content programme. Scheduled for Thursday, 5 February 2026, the Summit will tackle the escalating cybersecurity challenges confronting the professional AV and systems integration industries as digital threats increasingly impact critical infrastructure, smart buildings, venues, and public services.
The announcement comes during European Cybersecurity Awareness Month, a continent-wide initiative coordinated by ENISA and the European Commission to promote safer digital practices across businesses, institutions, and individuals. With cybercrime surging across Europe and globally, the timing of ISE’s new Summit couldn’t be more relevant.
Cybersecurity: A business-critical priority for AV
As AV systems become increasingly networked and embedded in enterprise, public sector, and venue environments, they are directly exposed to the same vulnerabilities as traditional IT infrastructure. From control rooms and conferencing platforms to digital signage, smart buildings, and event venues, AV solutions are now high-value targets for ransomware, data breaches, social engineering, and denial-of-service attacks.
At ISE’s CyberSecurity Summit, AV professionals will learn about safeguarding critical systems, navigate evolving regulations like NIS2 and ISO 27001, and transform cybersecurity from a vulnerability into a strategic advantage, before it’s too late.
“Cybersecurity is no longer a technical afterthought; it’s a business-critical factor,” says Mike Blackman, Managing Director of Integrated Systems Events. “For AV manufacturers, integrators, and technology users, it’s essential for accessing public tenders, ensuring regulatory compliance, and building long-term trust with clients.”
Pere Ferrer i Sastre, Summit Chair and former Director General of the Catalan Police (Mossos d’Esquadra), with extensive experience in public security, digital transformation, regulatory frameworks, and critical infrastructure management, will facilitate discussions addressing emerging digital threats to the AV and systems integration sectors. He explains, “Cybersecurity is no longer optional; it lies at the heart of every AV innovation. ISE’s CyberSecurity Summit brings together the brightest minds in our industry to confront today’s digital threats head-on and turn them into strategic advantages.
“By sharing actionable insights, proven strategies, and real-world experience, we will empower AV professionals to protect critical systems, lead with confidence, and build a safer, smarter future for the entire industry.”
The CyberSecurity Summit at ISE 2026 will unite AV and cybersecurity leaders to tackle the most pressing challenges facing connected AV systems in critical infrastructure, smart buildings, and corporate environments. Opening with Pere Ferrer, the Summit features keynotes from Shaun Reardon (DNV Cyber) on building cyber resilience, Timo Kosig and Andrew Dowsett (Barco Control Rooms) on secure operations, and Pedro Pablo Pérez (TRC) on protecting corporate communications. Roundtables with Laura Caballero (Cybersecurity Agency of Catalonia), Folly Farrel (TÜV SÜD), and Sergi Carmona (Veolia España) will explore compliance, governance, and best practices for securing critical AV environments.
Cybersecurity: A strategic imperative for AV
The Summit is part of ISE 2026’s overarching theme, "Push Beyond", which challenges the global AV and systems integration community to redefine what’s possible. By introducing the CyberSecurity Summit, ISE is pushing beyond traditional boundaries to address one of the most urgent and complex issues facing the industry today.
Don’t miss your chance to be part of what’s next
Registration for ISE 2026 is now open, so take your place among the visionaries, trailblazers, and creative minds from every corner of the globe. Whether you're an AV integrator, manufacturer, IT manager, or facilities director, the CyberSecurity Summit offers essential knowledge and networking opportunities to help you navigate the evolving threat landscape. It’s a chance to learn from leading voices in cybersecurity and discover how to protect your business, your clients, and your reputation. Reserve your spot at the event where tomorrow’s innovations are unveiled, and let’s Push Beyond what’s possible, together: Click here to register for free using the code ‘dcnnews’ to Push Beyond.

Warnings of drone‑enabled cyber threats to critical infrastructure
As drone technology becomes more sophisticated and accessible across the globe, researchers from Innovation Central Canberra (ICC) at the University of Canberra have teamed up with Australian tech company DroneShield to understand the risk profile of cyber attacks to critical infrastructure. With the rapid expansion of drone tech reshaping Australia’s security landscape, Defence, national security, and critical infrastructure are facing new challenges; meeting these requires capability that is not only technologically advanced, but also assessed and refined through rigorous, independent research environments.
“We know how drones have changed traditional warfare, but are we oblivious of the role they play in cyber security?” questions Professor Frank den Hartog, Cisco Research Chair in Critical Infrastructure at the University of Canberra. “That's a worry, and an opportunity for our drone and cyber industry.”
The project began with a team comprising Professor den Hartog and ICC students - namely Andrew Giumelli and Simone Chitsinde - undertaking targeted analysis and interviewing critical infrastructure operators to further understand the cyber threat environment through the use of drones.
Increasing threats to critical infrastructure
In the independent report, researchers found no recorded domestic cyber incidents using drones to date, but also noted that limited drone detection capabilities and awareness, minimal government guidance, and rising drone use are creating vulnerabilities. This highlights a gap in reporting on drone-enabled cyber threats in Australia. The findings warn that the combination of steadily increasing drone capability, limited awareness across industries, and a lack of targeted government guidance is creating a widening gap.
The report emphasises that drones are no longer emerging technology. Their capability, affordability, and accessibility have increased dramatically in recent years, and malicious actors are experimenting with drone-borne cyber techniques overseas. Within the next five years, as drone and cyber capabilities continue to evolve, operators may need to reassess the likelihood and relevance of drone-enabled cyber threats.
Professor den Hartog continues, “This research highlights the need for greater education, more industry collaboration, improved knowledge sharing, and broader consideration of counter-drone capabilities across critical infrastructure sectors.
“We need to encourage operators to periodically and critically review how drones are used within their operations, assess the cybersecurity implications of increased adoption, and explore strategies to integrate drone risk into existing security and resilience programs.”
DroneShield’s engagement with ICC highlights the broader importance of research-industry collaboration in strengthening countries' sovereign capabilities. Acknowledging this, both organisations say they are exploring opportunities to continue the partnership.

ISE 2026 returns to Barcelona
Integrated Systems Europe (ISE) 2026 returns to Fira de Barcelona, Gran Via from 3–6 February, inviting attendees to ‘Push Beyond’ the boundaries of cyber security and intelligence. The organisers state that this event is "where visionaries, creators, and innovators unite to shape the future, foster collaboration, and spark new ideas."
As AV systems become more integrated within enterprise, public sector, and venue settings, they are increasingly subject to the same security risks as conventional IT infrastructures. Whether deployed in control rooms, conferencing platforms, digital signage, smart buildings, or event venues, AV solutions have become prominent targets for threats such as ransomware, data breaches, social engineering, and denial-of-service attacks. ISE 2026 aims to push beyond to dive deeper into this defining megatrend, the importance of collaboration and innovation, and preparing AV professionals for safeguarding the future from emerging digital threats.
CyberSecurity Summit
On Thursday, 5 February, 09:00–12:00 in CC5.1, ISE 2026 will host the brand-new CyberSecurity Summit, a gathering for AV professionals and business leaders determined to strengthen their organisation’s defences. Recognising cyber security as a business-critical priority, the Summit will examine its pivotal role in securing public tenders, ensuring regulatory compliance, and maintaining client trust. Expert speakers will address urgent real-world challenges, guide delegates in pinpointing the most pressing risks, and outline practical, actionable strategies.
During the summit, AV professionals will learn about safeguarding critical systems, navigate evolving regulations like NIS2 and ISO 27001, and transform cyber security from a vulnerability into a strategic advantage. Attendees should leave equipped with a clear, sector-relevant roadmap to enhance their organisations' digital resilience in an increasingly connected world.
Summit Chair Pere Ferrer i Sastre, former Director General of the Catalan Police (Mossos d’Esquadra), has extensive experience in public security, digital transformation, regulatory frameworks, and critical infrastructure management. He will facilitate discussions addressing emerging digital threats to the AV and systems integration sectors from years of experience in the field.
Cybersecurity megatrends
This feeds into one of ISE’s defining megatrends for 2026: cyber security. These are environments where safeguarding critical infrastructure and public services against cyber threats has become paramount. At ISE 2026, you’ll discover how the cyber security ecosystem is pushing beyond boundaries to deliver intelligent, resilient, and secure systems that are equipped to protect public sector operations and ensure ongoing wellbeing amidst evolving digital threats. Other megatrends include: AI, robotics, smart spaces, sustainability, and tradescape.
Strategies, innovation, and collaboration at ISE Hackathon
Putting cyber security prevention into action, the ISE Hackathon brings together a dynamic community of highly skilled participants, representing top international universities. For 48 hours, the student participants will engage in rapid networking, collaboration, brainstorming, and innovation engineering to solve a business challenge, before pitching their ideas to the judging panel. This year, the event will once again offer three separate tracks: cyber security, sustainability, and innovation. The Hackathon is designed to serve as a catalyst for innovation, challenging participants to address critical security challenges through collaborative problem-solving.
Connect, collaborate, and revolutionise
Sol Rashidi, Chief AI Officer for enterprises, will headline ISE on Wednesday, 5 February 2026. Her keynote, ‘The AI Reality Check: What It Takes to Scale and the Future of Leadership’, will aim to expose the realities of AI beyond the hype, offering practical frameworks and highlighting the importance of AI governance and cyber security for successful scaling.
The organisers say ISE 2026 is "more than just an exhibition; it’s a platform for networking, learning, and discovering new ways to drive value in your organisation." With opportunities to meet leading brands, share knowledge with peers, and explore emerging trends in cyber security and AI, those running the event hope every attendee will leave better equipped for the challenges ahead.
Why attend ISE 2026?
Whether you’re focused on enhancing communication within your organisation or delivering unforgettable live experiences, ISE 2026 is the event that brings it all together. Don’t miss your chance to be at the forefront of industry transformation. Click here to head to the website and register for free with the code ‘dcnnews’ to secure your place.

SIA launches data centre advisory board
The Security Industry Association (SIA), a trade association for global security solution providers, has launched a new Data Center Advisory Board to provide guidance on data centre security matters to its Board of Directors and to support SIA members with relevant resources. The group will be chaired by Jim Black, Senior Director and Security Architect at Microsoft, who has been involved in the company’s cloud and data centre operations since 2011.
The establishment of the advisory board comes as global demand for data centre capacity continues to rise, driven by artificial intelligence, cloud services, and other digital technologies. As facilities that host large volumes of sensitive information, data centres face increasing pressure to maintain robust and resilient security practices.
A focus on collaboration and guidance
According to SIA, the Data Center Advisory Board will contribute to the development of guidance and information related to security deployments, encourage collaboration between security providers and data centre security professionals, and engage with SIA’s government relations team on legislative and regulatory matters where relevant.
In his role at Microsoft, Jim is responsible for defining security technology strategy to protect assets and personnel across a global portfolio of more than 400 data centres. He holds several professional certifications, including Certified Protection Professional and Physical Security Professional from ASIS International, as well as Certified Information Systems Security Professional from ISC².
Commenting on his appointment, he notes, “The data centre industry is experiencing unprecedented growth and heightened risks driven by emerging technologies and global operational challenges.
“I am honoured to serve as SIA’s inaugural Data Center Advisory Board Chair and look forward to working with this accomplished group of industry experts to advance and publish modern security standards that will strengthen cloud critical infrastructure protection worldwide.”
Don Erickson, CEO of SIA, says Jim’s experience makes him well suited to the role, commenting, “The Data Center Advisory Board is an important venture for SIA, and we are very pleased that it will be able to benefit from Jim’s experience and expertise in data centre security from its inception.
“Jim has for many years been an enthusiastic and generous supporter of SIA, contributing to multiple groups and projects that have advanced the industry’s professionalism and knowledge base. We are excited about what the advisory board will accomplish under his leadership.”

OpenNebula, Canonical partner on cloud security
OpenNebula Systems, a global open-source technology provider, has formed a new partnership with UK developer Canonical to offer Ubuntu Pro as a built-in, security-maintained operating system for hypervisor nodes running OpenNebula. The collaboration is intended to streamline installation, improve long-term maintenance, and reinforce security and compliance for enterprise cloud environments.
OpenNebula is used for virtualisation, cloud deployment, and multi-cluster Kubernetes management. It integrates with a range of technology partners, including NetApp and Veeam, and is supported by relationships with NVIDIA, Dell Technologies, and Ampere. These partnerships support its use in high-performance and AI-focused environments.
Beginning with the OpenNebula 7.0 release, Ubuntu Pro becomes an optional operating system for hypervisor nodes. Canonical’s long-term security maintenance, rapid patch delivery, and established update process are designed to help teams manage production systems where new vulnerabilities emerge frequently.
Integrated security maintenance for hypervisor nodes
With Ubuntu Pro embedded into OpenNebula workflows, users will gain access to extended security support, expedited patching, and coordinated lifecycle updates. The approach aims to reduce operational risk and maintain compliance across large-scale, distributed environments.
Constantino Vázquez, VP of Engineering Services at OpenNebula Systems, explains, “Our mission is to provide a truly sovereign and secure multi-tenant cloud and edge platform for enterprises and public institutions.
“Partnering with Canonical to integrate Ubuntu Pro into OpenNebula strengthens our customers’ confidence by combining open innovation with long-term stability, security, and compliance.”
Mark Lewis, VP of Application Services at Canonical, adds, “Ubuntu Pro provides the secure foundation that modern cloud and AI infrastructures demand.
“By embedding Ubuntu Pro into OpenNebula, we are providing enterprises [with] a robust and compliance-ready environment from the bare metal to the AI workload - making open source innovation ready for enterprise-grade operations.”

Macquarie, Netskope partner on network security in Australia
Macquarie Telecom, an Australian provider of data centres, cloud services, cybersecurity, and telecommunications, part of Macquarie Technology Group, has announced a partnership with Netskope to simplify how Australian organisations secure and manage data, cloud, and AI applications.
The collaboration combines Netskope’s Security Service Edge (SSE) platform with Macquarie Telecom’s software-defined wide area network (SD-WAN). Together, these form a Secure Access Service Edge (SASE) framework, offering integrated networking and security functions for organisations adopting cloud services and AI.
Addressing cybersecurity pressures
Australian businesses have faced repeated data breaches in recent years, prompting tighter cybersecurity regulation and greater demands on IT teams. The partnership aims to provide unified security and network management, helping organisations protect users and data across different environments.
Netskope’s platform consolidates web, data, cloud, and AI security into a single system, designed to reduce costs and balance protection with performance. It is IRAP-assessed at the PROTECTED level for use within Australian Government departments and critical industries. The combined service also supports compliance with the Security of Critical Infrastructure (SOCI) Act and the Essential Eight framework.
Luke Clifton, Group Executive for Macquarie Telecom, says, “Organisations big and small are under immense pressure to strengthen their cyber defences while keeping operations simple and manageable.
“By joining forces with Netskope, we’re giving customers a smarter, more resilient network backed by integrated, enterprise-grade security. They’re getting the best of both worlds.”
Tony Burnside, Senior Vice President and Head of APAC at Netskope, adds, “Modern networks need to be both fast and secure, but many organisations are still having to accept trade-offs between performance and security.
“Networking and security consolidation is now a cornerstone of the demands of modern business, and through this partnership with Macquarie Telecom, we will help more Australian organisations unlock enhanced levels of data security.”
Netskope already works with Macquarie Government, Macquarie Telecom’s sister company, to deliver SASE technology to federal government customers. The new partnership expands that collaboration into the wider business sector.

Securitas partners with Rohde & Schwarz on DC security
Securitas, a global security services provider, has announced a partnership with Rohde & Schwarz to integrate millimetre wave people-screening technology into its data centre security offering. The collaboration is aimed at strengthening protection against insider threats, data theft, and sabotage as demand for always-on digital infrastructure increases.
Millimetre wave screening for critical environments
At the core of the partnership is the use of Rohde & Schwarz’s Quick Personnel Security Scanners (QPS), which employ millimetre wave technology and artificial intelligence to detect potential threats. Already in use by government agencies and high-security organisations, the scanners provide non-contact, safe, and accurate screening while supporting real-time decision-making by on-site security officers.
According to Securitas, the QPS improves operational flow by reducing the need for manual screening, enabling more efficient staffing models and allowing remote monitoring. The system also provides insights into alarm rates and throughput, supporting both regulatory compliance and continuity of operations.
Milton Plet, Senior Vice President and Head of Global Clients Data Center Group at Securitas, says, “This is a perfect demonstration of how technology augments - rather than replaces - human expertise.
“Our officers are still at the core of the solution, only better supported by real-time information to make even better decisions in order to protect our clients’ assets.”
Expanding security options for data centres
Andreas Haegele, Vice President of Microwave Imaging at Rohde & Schwarz, adds, “The strategic partnership with Securitas enables us to introduce our security scanners, formerly exclusive to governments, now also to data centres, where adaptability, consistency, and precision are key.
“Together we are delivering a customised, future-proof solution that adapts to both clients’ needs and the threat landscape.”
Nelson Barreto, Senior Vice President, Global Clients at Securitas Technology, argues, “By combining electronic security expertise along with our global protective services and reach, we’re delivering a smarter, more adaptive approach to securing data centres, no matter where they’re located.”
Securitas has more than 90 years of experience in protective services. By adding advanced millimetre wave screening to its multi-layered security framework, the company says it aims to enhance both resilience and efficiency in data centre operations.

Manufacturing in the digital age
In this article, Eric Herzog, CMO at Infinidat, explores how to protect your enterprise with cyber resilient storage:
A significant transformation is underway in manufacturing enterprises, as traditional boundaries between Operational Technology (OT) and Information Technology (IT) systems rapidly dissolve. This convergence, driven by ongoing digital transformation and the adoption of Industry 4.0 technology, is enabling manufacturers to achieve new levels of efficiency, productivity, and visibility across their operations. However, as these systems become increasingly integrated, the risks - particularly in the realm of cyber security - are also escalating.
Understanding the changing landscape
Historically, manufacturers have relied on OT systems to manage their core physical processes and machinery on the factory floor, focusing on real-time control and automation. In contrast, IT systems have taken care of data processing, business operations, and enterprise resource planning requirements. Initially, these systems would have been running independently, but in recent years, manufacturers have invested in more integrated manufacturing environments, where data flows seamlessly between shop floor equipment and enterprise systems.
This integration is essential for efficiency. It enables real-time monitoring, advanced analytics, and data-driven decision-making, leading to optimised production processes and vastly improved business outcomes.
At the heart of a manufacturing business is the Manufacturing Execution System (MES). The MES connects production equipment with business applications, supporting the planning, monitoring, documentation, and control of manufacturing processes in real time. It also acts as a bridge to higher-level ERP systems and industrial automation platforms, providing comprehensive visibility and enabling enterprises to make informed, data-driven decisions.
But herein lies the risk, because integration is also a somewhat double-edged sword. There are plenty of upsides, but the cyber security risks can grind an enterprise to a halt.
Integration upsides
Here are three of the immediate benefits realised through OT and IT system integration:
• Potential for real-time data analysis — Integrated OT/IT systems allow for immediate feedback and adjustments, reducing downtime and waste.
• Enhanced communication — Seamless data exchange between shop floor and enterprise systems leads to better coordination and a faster response to all issues.
• Optimised production — Enterprises can fine-tune their processes based on live data, improving quality and throughput.
Integration downsides
These operational advantages also expose manufacturers to additional cyber security threats. Cyber risk is a question for all industry sectors. The UK government’s 2024 Cyber Security Breaches Survey found that half of UK businesses experienced a cyber breach or attack in the past year, with the rate even higher among medium (70%) and large (74%) businesses.
Manufacturing enterprises are an especially attractive target for cyber criminals for multiple reasons. They rely on complex, interconnected supply chains. They tend to be running a larger number of legacy systems than other industry sectors and this can create security blind spots. They also provide a high-impact target, because a successful cyberattack can disrupt an entire supply chain.
Dealing with a cyberattack is also very costly. According to Make UK, an organisation representing manufacturers, nearly half of British manufacturers suffered cyberattacks in the previous year. A quarter reported losses between £50,000 and £250,000, and 65% experienced production downtime. But the true costs of a cyberattack run much deeper, because many attacks involve data exfiltration. In these cases, sensitive intellectual property or customer information is stolen and potentially sold or leaked.
Data breaches are one of the biggest security threats, and new research from Deloitte - conducted with the Manufacturing Leadership Council in 2024 - quantifies this. The study reported that 48% of manufacturers experienced at least one data breach in the past 12 months, at an average cost of £2.1 million per breach.
The devastating impact of storage targeted attacks
A ransomware attack on enterprise storage systems can cripple a manufacturer, potentially completely halting production processes as data and files become encrypted and inaccessible. Such an attack can also compromise the entire manufacturing operation, from design and engineering data to supply chain management information. If key files are encrypted, the enterprise may not have access to product specifications, production schedules, and customer orders. Operations can be brought to a standstill and the implications are far reaching, potentially also damaging long-term projects, customer relationships, and the business reputation.
Investing in cyber resilience is not just business best practice; it is mandated by law. The EU’s NIS2 directive (2024) sets strict requirements for cyber risk management in critical sectors including manufacturing. And although no longer bound by EU laws, the UK will be releasing its own regulations with the forthcoming Cyber Security and Resilience Bill, expected to be ratified later in 2025.
It is now widely accepted that, these days, it’s not a case of 'if my enterprise will be attacked', but 'when will I be attacked, how often will I be attacked, and, most importantly, how quickly can I recover?' Cyberattacks are occurring constantly. They have become an inevitable part of being in business. As the likelihood of an attack has evolved, so too have the techniques used, and completely preventing any form of cyber security breach is no longer realistic. Instead, manufacturers should focus on building cyber storage resilience into their enterprise storage and maximising their ability to detect, respond to, and recover quickly from attacks.
Six foundations for cyber resilient storage
A cyber resilient storage infrastructure to support manufacturing business continuity is built on six key principles:
1. Immutable snapshots — Rather than creating simple backups, manufacturers need secure, unalterable data copies taken at specific intervals. These immutable snapshots ensure that critical production and business data remains unchanged after creation, providing a reliable recovery source regardless of attack sophistication.
2. Logical and remote air-gapping — Effective cyber resilient storage requires logical isolation of immutable snapshots from network access. Air-gapping - implemented locally, remotely, or both - creates an additional protection layer that keeps recovery data segregated from potential infection vectors.
3. Automated detection and response — The speed of modern cyberattacks renders manual monitoring insufficient. Manufacturing companies need automated cyber security capabilities: Automated Cyber Protection (ACP) that integrates seamlessly with their existing security stack, including Security Operations Centres (SOC); Security Information and Event Management (SIEM); and Security Orchestration, Automation, and Response (SOAR) platforms. These systems should automatically trigger immutable snapshots when security incidents are detected.
4. Fenced forensic environment — Recovery from cyberattacks requires a completely isolated network environment for forensic analysis. This 'fenced' area allows for thorough data testing and integrity verification, ensuring that recovered data isn't compromised before reintroduction to production systems.
5. Near-instantaneous recovery — Critical for manufacturing operations is the ability to retrieve clean data copies within minutes, regardless of dataset size. Manufacturing processes are particularly time-sensitive, making rapid recovery capabilities essential for minimising production disruption and financial losses.
6. Scanning for cyber threats in your storage estate — Leveraging advanced AI and ML technology, you can scan your storage at regular intervals to see if there is a cyber threat. This gives you two different advantages: First, by scanning on a regular basis, you may uncover a cyber threat. Then, you can report that to the cyber security elements in your data centre as an 'early warning system.' Second, if you have an attack, the ability to search your immutable snapshots for a dataset free from any cyberattack gives you much faster and more reliable recovery.
Road to proactive cyber storage resilience
The integration of OT and IT is transforming manufacturing and unlocking new efficiencies, but it is also heightening the cyber security risk. As cyberattacks become more frequent and sophisticated, manufacturers must adopt a proactive, resilience-focused approach to their cyber security and enterprise storage. This means investing in advanced, cyber resilient storage, with robust defences and rapid data recovery capabilities.
By prioritising these investments, manufacturing enterprises can reap all the benefits that integration offers, safeguard their operations, and protect data and intellectual property - even in the face of an increasingly hostile cyber threat landscape.

International Cyber Expo 2025 returns
The International Cyber Expo is fast approaching, taking place 30 September - 1 October 2025 at the Olympia London. Start planning your visit now by exploring the 2025 Event Preview and securing your free pass today.
Get ready for:
• Mind-blowing content — Three action-packed stages featuring the brightest minds in cyber security.
• Next-level networking — Meet industry leaders, innovators, and peers ready to collaborate.
• Innovative new features — Be the first to see what’s shaping the future of cyber security.
• A packed exhibition floor — Discover ground-breaking solutions, products, and ideas, all in one place.
Be part of the most dynamic and interactive showcase in the cyber security calendar. Register for free here.

Infoblox unveils 2025 DNS Threat Landscape Report
Infoblox, a provider of cloud networking and security services, today released its 2025 DNS Threat Landscape Report, revealing a dramatic surge in DNS-based cyberthreats and the growing sophistication of adversaries leveraging AI-enabled deepfakes, malicious adtech, and evasive domain tactics. Based on pre-attack telemetry and real-time analysis of DNS queries from thousands of customer environments - with over 70 billion DNS queries per day - the report offers a view into how threat actors exploit DNS to deceive users, evade detection, and hijack trust.

"This year's findings highlight the many ways in which threat actors are taking advantage of DNS to operate their campaigns, both in terms of registering large volumes of domain names and also leveraging DNS misconfigurations to hijack existing domains and impersonate major brands," says Renée Burton, Head of Infoblox Threat Intel. "The report exposes the widespread use of traffic distribution systems (TDS) to help disguise these crimes, among other trends security teams must look out for to stay ahead of attackers."

Research background

Since its inception, Infoblox Threat Intel has identified a total of over 660 unique threat actors and more than 204,000 suspicious domain clusters, where a cluster is a group of domains believed to be registered by the same actor. Over the past 12 months, Infoblox researchers have published research covering 10 new actors. They have uncovered the breadth and depth of malicious adtech, which disguises threats from users through TDS. The report brings together findings from the past 12 months to illuminate attack trends. In particular, the report sheds light on adtech's role in these attacks.
Top findings

• 100.8 million newly observed domains in the past year, with 25.1% classified as malicious or suspicious
• 95% of threat-related domains observed in only one customer environment
• 82% of customer environments queried domains associated with malicious adtech, which rotate a massive number of domains to evade security tools and serve malicious content
• Nearly 500k traffic distribution system (TDS) domains were seen in the last 12 months within Infoblox networks
• Daily detection of DNS Tunneling, exfiltration, and command and control, including Cobalt Strike, Sliver, and custom tools, which require ML algorithms to detect

Uptick in newly observed domains

Over the year, threat actors continuously registered, activated, and deployed new domains, often in very large sets through automated registration processes. By increasing their number of domains, threat actors can bypass traditional forensic-based defences, which are built on a "patient zero" approach to security. This reactive approach relies on detecting and analysing threats after they have already been used somewhere else in the world. As attackers leverage increasing levels of new infrastructure, this approach becomes ineffective, leaving organisations vulnerable. Actors are using these domains for an array of malicious purposes, from creating phishing pages and deploying malware through drive-by downloads to engaging in fraudulent activities and scams, such as fake cryptocurrency investment sites.

The need for preemptive security

These findings underscore a pressing need for organisations to be proactive in the face of AI-equipped attackers. Investing in preemptive security can be the deciding factor in successfully thwarting threat actors. Proactive protection, paired with consistent radar on emerging threats, tips the scales in favour of security teams — allowing them to pull ahead of attackers and interrupt their unlimited supply of domains.


