Domain Name System (DNS)-based cyber attacks are becoming increasingly complex, and AI will only make managing them more challenging.
According to a recent report, Chief Information Security Officers (CISOs) anticipate a tumultuous season of cyber threats, with low confidence in their abilities to defend against them effectively. The CISO Outlook 2025 report found that 70% of CISOs believe security threats will increase in the coming year, and a staggering 98% expect them to rise over the next three years.
Domain-based attacks, which exploit or mimic legitimate internet domain names, are a primary source of this concern. These include hijacking domain registrations, deploying lookalike domains for phishing, typosquatting, or taking over misconfigured subdomains.
According to the report, in 2024, cybersquatting and domain/DNS hijacking were ranked as the top two security threats by CISOs, and they're expected to remain in the top three for the next three years.
Securing DNS: A never-ending struggle
The struggle to handle DNS-based attacks is not new. A 2023 global survey revealed that 90% of organizations had suffered at least one DNS attack in the past year, with the average company being hit 7.5 times. These are not minor incidents; the average cost of a single DNS attack now exceeds $1 million in damages. The consequences are severe, with over 80% of businesses experiencing application downtime after a DNS attack and 29% suffering the theft of sensitive data.
This long-standing difficulty is reflected in the confidence levels of security leaders. The CISO Outlook 2025 report revealed that only 7% of CISOs felt "very confident" in their organization's ability to mitigate domain-based attacks. A further 76% stated they were only "somewhat confident".
According to Ihab Shraim, Chief Technology Officer at CSC, this is because DNS and domain-related infrastructure are inherently soft targets.
"[Bad actors] focus on the assets organizations must keep publicly accessible, such as DNS, websites, or email gateways, making it easier to launch precise attacks like cybersquatting or DNS cache poisoning."
- Ihab Shraim, Chief Technology Officer at CSC
The problem isn't necessarily a lack of tools. Nearly three-fifths (59%) of security leaders reported that when their firm detects a domain-linked threat, they have tools and processes in place to mitigate it. However, they admit it remains a "complex and time-consuming process to take threats down," indicating that the available solutions are not keeping pace with the complexity of the attacks.
The amplifying role of artificial intelligence
AI is accelerating both the scale and speed of domain-based impersonation threats. Cybercriminals can now leverage AI to scan for abandoned or misconfigured subdomains vulnerable to takeovers and generate vast numbers of new domains for phishing campaigns at a remarkable scale.
Modern cyber attacks are also becoming more sophisticated by combining multiple techniques. An attack may begin with social engineering paired with a lookalike domain to establish credibility, which then enables a more significant threat like a ransomware deployment.
As CSC CISO Mark Eggleston notes, "attacks such as ransomware don't happen in isolation... bad actors can then go on to steal information in hybrid or blended attacks, which could turn out to be truly devastating."
Strengthen the human element
To counter this new age of DNS threats, organizations must address the human weaknesses that facilitate many of these attacks. As Shraim notes, reconnaissance campaigns include searching for employees most likely to fall victim to a phishing attack.
"Bad actors conduct extensive reconnaissance — scanning everything from social media to job boards — to identify potential vulnerabilities, including disgruntled insiders who may be susceptible to phishing."
- Ihab Shraim, Chief Technology Officer at CSC
This human-centric vulnerability is compounded by the rise of "Shadow AI", the unauthorized use of AI tools like ChatGPT. While these tools can boost productivity, they also create significant risks, as employees may unintentionally share sensitive company or customer information with third-party large language models that have not been vetted. Shadow AI adds a further layer of complication to the already overwhelming task of managing Shadow IT, especially when also considering the risk of insecure LLM usage in your supply chain.
97% of security leaders admit they are concerned about giving AI-based third-party systems access to company data.
Are you prepared for the next three years of sophisticated attacks?
As DNS cyber threats grow in volume and sophistication, fueled by AI and focused on domain-based vectors, CISOs find themselves in a challenging position. Confidence is low, existing tools are struggling to keep up, and the human element remains a critical point of failure.
Preparing for the next generation of attacks means moving DNS from an afterthought to a first-class security control. UpGuard’s integrated approach, which embeds DNSSEC hygiene checks, subdomain takeover detection, and human-risk scoring into a single workflow, exemplifies how process automation and AI can scale protection across both infrastructure and people.
For CISOs, investing in these controls will make the difference between surviving the next three years of highly sophisticated cybersquatting and domain-based attacks, and becoming the next cautionary headline.