Connect with us

Hi, what are you looking for?


Malware & Threats

NSA Blocked 10 Billion Connections to Malicious and Suspicious Domains

The National Security Agency has published a new yearly report detailing its cybersecurity efforts throughout 2023.

Rob Joyce retiring from NSA

The National Security Agency’s domain security service blocked 10 billion user connections to known malicious or suspicious domains, the agency notes in an annual report.

Published on Tuesday, the NSA’s 2023 Cybersecurity Year in Review report (PDF) details the agency’s efforts in cybersecurity and its work with government partners, foreign partners, and defense industrial base (DIB) entities to improve national security.

The NSA’s cybersecurity efforts mainly focus on protecting national security systems (NSS), which contain classified information or are critical to US military and intelligence, the Department of Defense (DoD) services and agency networks, and DIB organizations (DoD contractors).

“NSA’s efforts to help secure the nation’s most sensitive systems also help your cybersecurity because NSA cascades these solutions through public guidance and engages with key technology providers to help them bolster the security of their products and services,” the agency notes.

The NSA also says that the no-cost cybersecurity services it offers to DoD contractors have seen a 400% adoption this year, with the number of enrolled organizations surpassing 600. Small businesses, including organizations with limited resources, represent more than 70% of the current DIB.

In 2023, the NSA released six security products tackling threats to communications, DIB, and information technology sectors. The documents cover the supply chain, 5G network security, and identity and access management.

This year, the NSA also improved its vulnerability scanning program, which resulted in 1.3 million security defects being flagged, inventoried over 300,000 internet-accessible assets for the participating DIB entities, and issued more than 500 partner vulnerability notifications.

Along with the cybersecurity industry, the agency is tracking roughly 70 unique clusters of known state-sponsored activity, and has uncovered multiple nation-state campaigns specifically targeting DIB, including some targeting zero-day vulnerabilities.

Advertisement. Scroll to continue reading.

The NSA is also promoting the secure development, adoption, and integration of artificial intelligence (AI), through a newly established AI Security Center, which will also focus on understanding how adversaries use and target AI.

This year, the agency continued to provide cybersecurity advisories to the public, to publish indicators-of-compromise (IoCs) associated with observed malicious activity, to execute the US government’s strategy to migrate vulnerable cryptographic systems to quantum-resistant cryptography, and to research and enhance its cyber warfare capabilities.

“NSA’s principles and values, along with our culture of compliance and protection of privacy and civil liberties, have served as the foundation for the cybersecurity successes detailed in this report and will continue to serve as the bedrock of NSA in the future,” said Gen. Paul Nakasone, head of the NSA and US Cyber Command.

Related: NSA Issues Guidance on Incorporating SBOMs to Improve Cybersecurity

Related: NSA Publishes ICS/OT Intrusion Detection Signatures and Analytics

Related: US, UK Cybersecurity Agencies Publish AI Development Guidance

Written By

Ionut Arghire is an international correspondent for SecurityWeek.


Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Learn about active threats targeting common cloud deployments and what security teams can do to mitigate them.


Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.


Expert Insights

Related Content


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Malware & Threats

The NSA and FBI warn that a Chinese state-sponsored APT called BlackTech is hacking into network edge devices and using firmware implants to silently...

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...

Malware & Threats

Unpatched and unprotected VMware ESXi servers worldwide have been targeted in a ransomware attack exploiting a vulnerability patched in 2021.


No one combatting cybercrime knows everything, but everyone in the battle has some intelligence to contribute to the larger knowledge base.


The recent ransomware attack targeting Rackspace was conducted by a cybercrime group named Play using a new exploitation method, the cloud company revealed this...

Malware & Threats

Threat actors are increasingly abusing Microsoft OneNote documents to deliver malware in both targeted and spray-and-pray campaigns.