Two-fifths of business networks show evidence of DNS tunnelling, the latest security report from network control firm Infoblox reveals.

DNS tunnelling is a technique used to send and receive data packets over the domain name system (DNS) that is designed to translate domain names such as computerweekly.com into IP addresses such as 206.19.49.154, and consequently has no inherent security or monitoring capability.

DNS tunnelling activity is a significant security threat that can indicate malware or data exfiltration within a network, according to the company’s security assessment report for the second quarter of 2016.

The report said 559 files capturing DNS traffic were uploaded to Infoblox for assessment from 248 customers across a wide range of industries and geographies. Evidence of suspicious DNS activity, such as attempting to reach known malicious internet locations, was present in 66% of the files.