CISA warns of Fast Flux DNS evasion used by cybercrime gangs
Published on: 2025-05-15 06:37:59
CISA, the FBI, the NSA, and international cybersecurity agencies are calling on organizations and DNS providers to mitigate the "Fast Flux" cybercrime evasion technique used by state-sponsored threat actors and ransomware gangs.
Although the technique isn't new, its effectiveness has been documented and proven repeatedly in actual cyberattacks.
How Fast Flux helps with evasion
Fast Flux is a DNS technique for evading detection and keeping the infrastructure behind command and control (C2), phishing, and malware delivery resilient.
It involves rapidly changing DNS records (IP addresses and/or name servers), making it hard for defenders to trace the source of malicious activity and block it.
It is often powered by botnets formed by large networks of compromised systems that act as proxies or relays to facilitate these rapid switches.
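For defenders, the rapid record changes described above show up in passive DNS data as one name resolving to many distinct addresses or name servers in a short span. The sketch below is an added example, not taken from the CISA bulletin or the original article; the log tuple layout, window size, and thresholds are assumptions, and the sample records are constructed.

```python
from collections import Counter, defaultdict

# Constructed passive-DNS observations: (epoch_seconds, qname, rtype, rdata).
# Names and addresses use reserved documentation ranges; none are real indicators.
SAMPLE = (
    [(t * 60, "flux.example", "A", f"198.51.100.{t + 1}") for t in range(8)]
    + [(t * 120, "flux.example", "NS", f"ns{t}.flux.example") for t in range(4)]
    + [(t * 60, "stable.example", "A", "192.0.2.10") for t in range(8)]
    + [(t * 3600, "slow.example", "A", f"203.0.113.{t + 1}") for t in range(8)]
)


def max_distinct_in_window(events, window):
    """Largest count of distinct values in any `window` seconds (events sorted by time)."""
    counts = Counter()
    best = start = 0
    for ts, value in events:
        counts[value] += 1
        # Slide the left edge forward until the span fits in the window.
        while ts - events[start][0] > window:
            old = events[start][1]
            counts[old] -= 1
            if counts[old] == 0:
                del counts[old]
            start += 1
        best = max(best, len(counts))
    return best


def flux_report(observations, window=600, ip_threshold=5, ns_threshold=3):
    """Score each name for A-record and NS-record churn.

    Thresholds are assumed starting points; CDNs and load balancers also
    rotate addresses, so a hit is a lead for review, not a verdict.
    """
    by_name = defaultdict(lambda: {"A": [], "NS": []})
    for ts, qname, rtype, rdata in sorted(observations):
        if rtype in ("A", "NS"):
            by_name[qname.lower().rstrip(".")][rtype].append((ts, rdata.lower()))
    report = {}
    for qname, recs in by_name.items():
        ips = max_distinct_in_window(recs["A"], window)
        ns = max_distinct_in_window(recs["NS"], window)
        report[qname] = {"ips": ips, "ns": ns,
                         "a_churn": ips >= ip_threshold,
                         "ns_churn": ns >= ns_threshold}
    return report
```

On the constructed sample only `flux.example` is flagged; `slow.example` changes address just as often in total but far too slowly to exceed the ten-minute window.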
CISA's bulletin highlights two main types of the technique, namely Single Flux and Double Flux.
When using Single Flux, attackers will frequen