New DNSFilter Report Shows Surge in New Domain Threats Over Malware in Q1 2025

New DNSFilter Report Highlights New Threat Trends

A groundbreaking report by DNSFilter, released on April 24, 2025, unveils alarming trends in online threats for the first quarter. Notably, it reveals that new domains have overtaken malware and phishing as the primary threat type within the DNSFilter network.

Surging New Domains

In Q1 2025, the number of new domains increased by a staggering 140% compared to the previous quarter. Of these, 19% were identified as potentially malicious early in April. This surge indicates a shift in threat tactics, as malicious actors turn to freshly registered domains to launch their attacks, capitalizing on their lack of prior reputation.

The DNSFilter system processes an astonishing 170 billion very queries daily, with about 200 million being blocked as threats. This figure includes phishing attempts that failed to reach their intended consumers, ransomware that was unable to penetrate networks, and malware that was halted prior to distribution. This proactive blocking is crucial in a landscape where new domains are becoming commonplace in phishing and malware endeavors.

Understanding the Shift

While it's essential to remain vigilant, it's worth noting that not all new domains are inherently malicious. However, they warrant scrutiny; blocking such domains can help safeguard users from evolving threats. Cybercriminals are increasingly using newly registered domains for various reasons, including the allure of catchy names that capture public interest. These newly created domains often slip under the radar since they haven't yet appeared on existing blocklists, giving attackers a valuable opportunity to exploit vulnerabilities.

The report also highlights that many of these domains frequently participate in fast flux attacks, where the domains are switched out quickly to avoid detection systems.

Record Numbers in DNS Traffic

The report doesn't just focus on new threats; it also reveals other important statistics. DNS traffic volume reached historic highs, especially in January and March, with 3.61% of total DNS traffic being blocked—marking the highest quarterly block rate on record. The most notable top-level domain (TLD) flagged during this period was .pw, which has become popular among those attempting to engage in malicious activity.

Although malware and phishing remain significant concerns, they represented only 36% of all threats identified in Q1, with new domains now taking precedence as the top concern.

Expert Insight

According to Ken Carnesi, CEO and co-founder of DNSFilter, the implication of these findings is critical for IT professionals and cybersecurity strategists. He stresses the importance of real-time detection of suspicious domains, especially those that possess little historical data or reputation. The analysis conducted showed that malicious actors continually produce new domains, which can be a genuine risk to individuals and organizations.

Carnesi urges companies to adopt a strategy of proactively blocking these new domains to minimize risk. By deploying DNSFilter's services—which leverages AI technology—businesses can effectively filter out harmful domains faster than traditional threat response systems.

Conclusion

As the digital landscape evolves, so too does the nature of online threats. With new domains quickly becoming the preferred option for cybercriminals, organizations must prioritize evolving their defenses to resist this shift. DNSFilter’s report serves as a wake-up call for all sectors dependent on safe internet usage, ensuring that everyone remains vigilant against this emerging threat landscape. Businesses interested in bolstering their cybersecurity measures can look to DNSFilter for advanced protection. Their commitment lies in creating a safer Internet and more productive workplaces by mitigating harmful and unwanted content at the DNS layer.