US, Allies Warn of Threat Actors Using ‘Fast Flux’ to Hide Server Locations

Summary: Cybersecurity agencies warn that threat actors are using ‘fast flux’ techniques to obscure the location of their malicious servers and make their infrastructure more resilient. The technique rapidly changes DNS records so that command-and-control communication continues while evading detection; the constant rotation through compromised hosts makes malicious traffic harder to identify and block.

Affected: Cybersecurity agencies in the US, Australia, Canada, and New Zealand, and organizations reliant on internet services

Keypoints:

  • Fast flux alters DNS records rapidly, linking domains to multiple IP addresses to prevent tracking.
  • Threat actors may utilize ‘double flux’ to change both IP addresses and DNS name servers, complicating detection.
  • Bulletproof hosting services and certain ransomware groups employ fast flux to maintain malicious operations while offering it as a service.
  • Agencies recommend improving detection mechanisms through threat intelligence and robust monitoring to combat this persistent threat.
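As an added illustration of the monitoring the agencies recommend (example code written for this summary, not from the advisory or the article), the following heuristic scores passive-DNS records for fast-flux behaviour: many distinct IP addresses for one domain in a short window, combined with low TTLs. The record format, thresholds and sample data are assumptions constructed for the example.

```python
import statistics
from collections import defaultdict

# Constructed passive-DNS records: (timestamp_seconds, domain, resolved_ip, ttl_seconds).
# Domains and addresses are made up for this example (documentation ranges only).
SAMPLE_RECORDS = [
    (0,   "flux.example",   "203.0.113.10",  60),
    (120, "flux.example",   "198.51.100.7",  60),
    (240, "flux.example",   "192.0.2.55",    60),
    (360, "flux.example",   "203.0.113.99",  60),
    (480, "flux.example",   "198.51.100.23", 60),
    (600, "flux.example",   "192.0.2.8",     60),
    (0,   "static.example", "203.0.113.5",   86400),
    (300, "static.example", "203.0.113.5",   86400),
    (600, "static.example", "203.0.113.5",   86400),
]

def fast_flux_candidates(records, min_unique_ips=5, max_ttl=300, window=3600):
    """Return domains whose resolutions look like fast flux.

    Heuristic (assumed, not taken from the advisory): a domain that resolves
    to at least `min_unique_ips` distinct addresses within any `window`-second
    span, and whose median TTL is at or below `max_ttl`, is flagged.
    Legitimate CDNs and load balancers can match too, so the result is a
    triage list to enrich with threat intelligence, not a verdict.
    """
    by_domain = defaultdict(list)
    for ts, domain, ip, ttl in records:
        by_domain[domain].append((ts, ip, ttl))

    flagged = {}
    for domain, rows in by_domain.items():
        rows.sort()  # chronological order
        ttls = [ttl for _, _, ttl in rows]
        # Sliding window anchored at each record: count distinct IPs seen
        # within `window` seconds of that record, keep the maximum.
        best = 0
        for i, (start, _, _) in enumerate(rows):
            ips = {ip for ts, ip, _ in rows[i:] if ts - start <= window}
            best = max(best, len(ips))
        median_ttl = statistics.median(ttls)
        if best >= min_unique_ips and median_ttl <= max_ttl:
            flagged[domain] = {"unique_ips": best, "median_ttl": median_ttl}
    return flagged

if __name__ == "__main__":
    for domain, stats in fast_flux_candidates(SAMPLE_RECORDS).items():
        print(domain, stats)
```

Double flux (rotating the authoritative name servers as well) can be scored the same way by feeding NS-record observations through the same function.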

Source: https://www.securityweek.com/us-allies-warn-of-threat-actors-using-fast-flux-to-hide-server-locations/