Friday, April 4th, 2025

Agencies warn of fast flux enabled malicious activities


Cybersecurity service providers, internet service providers, and organizations were warned Wednesday of the ongoing threat of fast flux enabled malicious activities.

“Fast flux” exploits a gap commonly found in network defenses, making the tracking and blocking of malicious fast flux activities difficult. It is a technique used to obfuscate the locations of malicious servers by rapidly changing the Domain Name System records associated with a single domain name.
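What that record churn looks like from a resolver's point of view, as an added example that is not taken from the advisory or the article: a heuristic that flags names whose A records rotate through many addresses on several networks with short TTLs. The log tuple format, the sample data and every threshold are assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed passive-DNS observations: (epoch_seconds, qname, A-record IP, TTL).
# Names use the reserved .example TLD; addresses are documentation ranges.
SAMPLE = [
    (0,    "cdn.static.example",   "192.0.2.10",     3600),
    (900,  "cdn.static.example",   "192.0.2.10",     3600),
    (1800, "cdn.static.example",   "192.0.2.11",     3600),
    (0,    "api.shortttl.example", "192.0.2.50",     30),
    (600,  "api.shortttl.example", "192.0.2.50",     30),
    (0,    "login.flux.example",   "198.51.100.7",   60),
    (300,  "login.flux.example",   "203.0.113.21",   60),
    (600,  "login.flux.example",   "192.0.2.99",     60),
    (900,  "login.flux.example",   "198.51.100.140", 60),
    (1200, "login.flux.example",   "203.0.113.5",    60),
    (1500, "Login.Flux.example.",  "192.0.2.201",    60),
]

def flux_candidates(records, window=3600, min_ips=5, min_nets=3, max_ttl=300):
    """Return {domain: (distinct_ips, distinct_/24s)} for names that, inside one
    time window, resolve to many addresses on several networks with short TTLs.
    Thresholds are illustrative assumptions, not values from the advisory."""
    buckets = defaultdict(lambda: {"ips": set(), "ttls": []})
    for ts, name, ip, ttl in records:
        # Normalise case and the trailing root dot so one name is one key.
        key = (name.lower().rstrip("."), ts // window)
        buckets[key]["ips"].add(ip)
        buckets[key]["ttls"].append(ttl)

    flagged = {}
    for (name, _), seen in buckets.items():
        nets = {ipaddress.ip_network(f"{ip}/24", strict=False) for ip in seen["ips"]}
        many_hosts = len(seen["ips"]) >= min_ips
        spread_out = len(nets) >= min_nets          # rotation across networks
        short_lived = max(seen["ttls"]) <= max_ttl  # every answer expires quickly
        if many_hosts and spread_out and short_lived:
            score = (len(seen["ips"]), len(nets))
            flagged[name] = max(flagged.get(name, (0, 0)), score)
    return flagged

if __name__ == "__main__":
    for name, (ips, nets) in flux_candidates(SAMPLE).items():
        print(f"{name}: {ips} addresses across {nets} /24 networks in one window")
```

Content delivery networks and load balancers can produce similar rotation, so output like this is a starting point for review against an allowlist rather than a block list on its own.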

The Cybersecurity Advisory, "Fast Flux: A National Security Threat," was issued by Critical Infrastructure Security and Resilience in partnership with the National Security Agency, Federal Bureau of Investigation, the Canadian Centre for Cyber Security, Australian Signals Directorate’s Australian Cyber Security Centre, and New Zealand’s National Cyber Security Centre.

The agencies also provided guidance on how to detect and mitigate fast flux enabled malicious activities to safeguard critical infrastructure and national security. They recommend adopting a multi-layered approach to detection and mitigation to reduce the risk of compromise.

Service providers, especially Protective DNS providers, are advised to track, share information about, and block fast flux as part of their provided cybersecurity services.

Government and critical infrastructure organizations are advised to close the ongoing gap in network defenses by using services that block malicious fast flux activity.