Cybersecurity agencies from the US, Australia, Canada, and New Zealand issued a joint critical warning. Cybercriminals are exploiting a technique called “fast flux.” Attackers use fast flux to hide the locations of their malicious servers. The technique produces infrastructure that is resilient and hard to take down.
How Fast Flux Works
Fast flux rapidly changes Domain Name System (DNS) records. Attackers map one domain name to many IP addresses and rotate those addresses frequently. Because the domain never stays mapped to one address for long, it is difficult for security teams to track and block the malicious servers behind it.
Using fast flux, cybercriminals keep their command-and-control (C&C) servers reachable. Even if one IP address is blocked or removed, the domain stays online and simply resolves elsewhere. The joint cybersecurity alert noted that attackers use fast flux and similar techniques to keep malware connected to attacker-controlled servers.
Double Flux Adds Complexity
Some attackers also use “double flux.” Double flux rotates both the IP addresses a domain resolves to and the authoritative DNS name servers that answer for it. Attackers often use networks of compromised computers (botnets) as proxies in front of the real servers. This hides the origin of malicious traffic, making it even harder to stop.
Cybercriminal groups using fast flux include the Hive and Nefilim ransomware gangs. Bulletproof hosting services also use it, as does the Russian threat group Gamaredon. Bulletproof hosts advertise fast flux openly, supporting malicious activities such as phishing and illegal marketplaces.
Cybersecurity agencies recommend proactive measures for internet service providers (ISPs) and cybersecurity companies. Steps include monitoring DNS logs, using threat intelligence to identify fast flux domains, and developing detection algorithms that flag the rapid address rotation described above.
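The following Python is an added example (not code from the advisory or from any agency) of the kind of DNS-log detection logic the recommendation describes: it profiles each domain's A and NS answers and flags fast flux (many distinct, short-TTL IP answers) and double flux (name servers rotating as well). The log format, domain names, IPs and thresholds are all constructed for illustration.

```python
import csv
from statistics import median

# Constructed passive-DNS-style observations (not real data):
# timestamp, queried name, record type, answer, TTL in seconds.
SAMPLE_LOG = """\
ts,qname,rtype,rdata,ttl
1700000000,flux.example.test,A,203.0.113.10,120
1700000060,flux.example.test,A,198.51.100.22,120
1700000120,flux.example.test,A,192.0.2.77,60
1700000180,flux.example.test,A,203.0.113.45,120
1700000240,flux.example.test,A,198.51.100.9,60
1700000000,flux.example.test,NS,ns1.flux.example.test,120
1700000120,flux.example.test,NS,ns2.flux.example.test,120
1700000240,flux.example.test,NS,ns3.flux.example.test,60
1700000000,static.example.test,A,203.0.113.200,86400
"""

def parse_log(text):
    """Parse CSV log text into dict rows with integer ts and ttl."""
    rows = list(csv.DictReader(text.splitlines()))
    for r in rows:
        r["ts"], r["ttl"] = int(r["ts"]), int(r["ttl"])
    return rows

def domain_profile(rows, domain, window=3600):
    """Distinct answers and median TTL per record type in the domain's last `window` seconds."""
    latest = max(r["ts"] for r in rows if r["qname"] == domain)
    dom = [r for r in rows if r["qname"] == domain and r["ts"] >= latest - window]
    prof = {}
    for rtype in ("A", "NS"):
        sub = [r for r in dom if r["rtype"] == rtype]
        prof[rtype] = {"distinct": len({r["rdata"] for r in sub}),
                       "median_ttl": median(r["ttl"] for r in sub) if sub else None}
    return prof

def classify(prof, min_ips=5, min_ns=3, max_ttl=300):
    """Fast flux: many distinct short-TTL A answers; double flux: the NS set
    rotates with short TTLs too. Thresholds are assumptions to tune; allow-list
    known CDNs, which legitimately rotate low-TTL A records."""
    def fluxy(stats, n):
        ttl = stats["median_ttl"]
        return stats["distinct"] >= n and ttl is not None and ttl <= max_ttl
    fast = fluxy(prof["A"], min_ips)
    return {"fast_flux": fast, "double_flux": fast and fluxy(prof["NS"], min_ns)}

def detect(text, **thresholds):
    rows = parse_log(text)
    return {d: classify(domain_profile(rows, d), **thresholds)
            for d in sorted({r["qname"] for r in rows})}
```

In practice the thresholds must be calibrated against known-good traffic, since CDNs and load balancers also rotate low-TTL answers; corroborating with threat intelligence, as the advisory recommends, reduces false positives.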
Steps for Government and Critical Infrastructure
Critical infrastructure and government organizations should closely cooperate with ISPs and cybersecurity providers. Key defensive steps include DNS and IP blocking, redirecting malicious traffic (sinkholing), reputation-based filtering, and improved logging practices.
“Fast flux is a persistent cybersecurity threat,” agencies warned. Strong detection systems and proactive defenses are critical to fighting these sophisticated cyber threats.