NSA warns “fast flux” threatens national security. What is fast flux anyway?


A technique that hostile nation-states and financially motivated ransomware groups are using to hide their operations poses a threat to critical infrastructure and national security, the National Security Agency has warned.

The technique is known as fast flux. It allows decentralized networks operated by threat actors to hide their infrastructure and survive takedown attempts that would otherwise succeed. Fast flux works by cycling through a range of IP addresses and domain names that these botnets use to connect to the Internet. In some cases, IPs and domain names change every day or two; in other cases, they change almost hourly. The constant flux complicates the task of isolating the true origin of the infrastructure.

Read more…
Source: ArsTechnica


Sign up for our Newsletter
The latest news and insights delivered right to your inbox.


Related:

  • Maze Ransomware adds Ragnar Locker to its extortion cartel

    June 8, 2020

    A second ransomware gang has partnered with Maze Ransomware to use their data leak platform to extort victims whose unencrypted files were stolen. Before encrypting a victim’s network, most network-targeting ransomware operations will steal a victim’s unencrypted files. These files are then used as leverage by threatening to release them publicly on data leak sites if a ransom is ...

  • Honda investigates possible ransomware attack, networks impacted

    June 8, 2020

    Computer networks in Europe and Japan from car manufacturer giant Honda have been affected by issues that are reportedly related to a SNAKE Ransomware cyber-attack. Details are unclear at the moment but the company is currently investigating the cause of the problems that were detected on Monday. The company has confirmed to BleepingComputer that its IT network is not functioning ...

  • Germany launches terrorism probe over planned attack on Muslims

    June 8, 2020

    German authorities arrested a 21-year-old man and launched a terrorism investigation after he threatened to carry out an attack targeting Muslims, prosecutors said on Monday. The 21-year-old man from the northern city of Hildesheim made the threat in an anonymous online chat forum on May 29, announcing his intention to carry out an attack “with multiple ...

  • New Avaddon Ransomware launches in massive smiley spam campaign

    June 8, 2020

    With a wink and a smile, the new Avaddon Ransomware has come alive in a massive spam campaign targeting users worldwide. Avaddon was launched at the beginning of this month and is actively recruiting hackers and malware distributors to spread the ransomware by any means possible. As its first known attack, the Avaddon Ransomware is being distributed in ...

  • Hackers are targeting your smartphone as way into the company network

    June 4, 2020

    The number of phishing attacks targeting smartphones as the entry point for attempting to compromise enterprise networks has risen by more than a third over the course of just a few months. Analysis by cybersecurity company Lookout found that there’s been a 37% increase in mobile phishing attacks worldwide between the last three months of 2019 and the first ...

  • Cisco’s warning: Critical flaw in IOS routers allows ‘complete system compromise’

    June 4, 2020

    Cisco has disclosed four critical security flaws affecting router equipment that uses its IOS XE and IOS software. The four critical flaws are part of Cisco’s June 3 semi-annual advisory bundle for IOS XE and IOS networking software, which includes 23 advisories describing 25 vulnerabilities. The 9.8 out of 10 severity bug, CVE-2020-3227, concerns the authorization controls for the ...