Insights from DNSFilter's Security Report
On July 31, 2025, DNSFilter released its extensive quarterly security report that sheds light on emerging threats within the digital landscape. This report draws attention to a significant trend: cybercriminals are increasingly utilizing domains linked to smaller island nations to orchestrate their malicious activities. The focus on these domains signals a shift in tactics, which poses serious concerns for internet security authorities worldwide.
Key Findings
The report analyzes DNS traffic from April 1, 2025, to June 30, 2025. Notably, nearly 4% of all DNS traffic was blocked during this period, the highest percentage of blocked traffic on record for DNSFilter. Although not every blocked request is necessarily harmful, this figure illustrates a growing awareness among DNSFilter's users of the need to actively mitigate potential threats. Users are not only defending against cyber threats but are also preemptively blocking domains that might lead to unproductive distractions.
Rise of Malicious Domains
One of the standout findings from the report is that new domains accounted for almost 40% of the requests classified as malicious. Despite a slight decrease from the previous quarter, this number indicates that criminals continue to design their strategies around newly registered domains tailored to attract unsuspecting users. Since these domains are often absent from established block lists, they provide an optimal route for attackers to exploit vulnerabilities before site administrators realize the potential risks.
In particular, a notable resurgence in phishing tactics was observed. Phishing and deception requests surged to represent 31.6% of the traffic on DNSFilter’s network, with over 750 million queries made during this quarter. Analysts attribute this spike to more sophisticated Phishing-as-a-Service (PhaaS) kits such as Tycoon 2FA, which have become increasingly prevalent.
Geographic Focus on Island Nations
An alarming trend outlined in the report is that four out of the top five country code top-level domains (ccTLDs) suspected of supporting malicious activities are linked to island nations. The most concerning is the Faroe Islands ccTLD (.fo), where 27% of traffic was malicious. Other areas of concern include Grenada, Mayotte, and Wallis and Futuna.
These domains are becoming attractive to threat actors, who often prefer cheaper and, in some instances, free registration options that allow them to move easily from one domain to another without incurring substantial costs.
Strategic Recommendations
Ken Carnesi, CEO and co-founder of DNSFilter, emphasized the urgent need for cybersecurity defenders to adapt quickly to the evolving tactics of cybercriminals. He explained, “Bad actors are agile, and the volume and variation of threats we saw in Q2 underscore that defenders must move as quickly and flexibly as attackers.”
As a fundamental defensive strategy, he advocates blocking new domains, which continue to be a massive driver of cyber threat activity. The rapid evolution of attacks and their methodologies suggests a pressing need for enhanced awareness and response strategies from cybersecurity professionals.
About DNSFilter
DNSFilter leverages advanced AI-driven content filtering to ensure prompt threat prevention, often outpacing competitors by ten days. It secures employees wherever they may be, enhancing productivity while minimizing compliance risks and safeguarding corporate identities on public Wi-Fi networks. Unlike conventional solutions that require extensive setup time, DNSFilter's deployment can be accomplished within minutes. Trusted by over 43,000 organizations globally, the company offers comprehensive information at dnsfilter.com.
In conclusion, the latest DNSFilter report serves as a critical reminder of the dynamic nature of cyber threats and reinforces the urgent need for updated strategies to combat these ever-evolving dangers. As cybercriminals adapt their strategies, so must the defenders.