NSA warns “fast flux” threatens national security. What is fast flux anyway?


A technique that hostile nation-states and financially motivated ransomware groups are using to hide their operations poses a threat to critical infrastructure and national security, the National Security Agency has warned.

The technique is known as fast flux. It allows decentralized networks operated by threat actors to hide their infrastructure and survive takedown attempts that would otherwise succeed. Fast flux works by cycling through a range of IP addresses and domain names that these botnets use to connect to the Internet. In some cases, IPs and domain names change every day or two; in other cases, they change almost hourly. The constant flux complicates the task of isolating the true origin of the infrastructure.

Read more…
Source: ArsTechnica


Sign up for our Newsletter
The latest news and insights delivered right to your inbox.


Related:

  • Hackers Compromise Cisco Servers Via SaltStack Flaws

    May 28, 2020

    Cisco said attackers have been able to compromise its servers after exploiting two known, critical SaltStack vulnerabilities. The flaws exist in the open-source Salt management framework, which are used in Cisco network-tooling products. Two Cisco products incorporate a version of SaltStack that is running the vulnerable salt-master service. The first is Cisco Modeling Labs Corporate Edition (CML), ...

  • ‘[F]Unicorn’ Ransomware Impersonates Legit COVID-19 Contact-Tracing App

    May 27, 2020

    A fresh ransomware strain known as “Unicorn” has emerged, first seen this week targeting users by pretending to be an official government COVID-19 contact tracing app. According to an advisory from the Computer Emergency Response Team (CERT) from the Agency for Digital Italy (AgID), the malware family is taking advantage of the rollout of “Immuni” – ...

  • Spam and phishing in Q1 2020

    May 26, 2020

    Burning Man is one of the most eagerly awaited events among fans of spectacular performance and installation art. The main obstacle to attending is the price of admission: a standard ticket will set you back $475, the number is limited, and the buying process is a challenge all by itself (there are several stages, registration ...

  • Forward-looking security analysis of smart factories [Part 2] Security risks of industrial application stores

    May 26, 2020

    On May 11, 2020, Trend Micro released a paper showing the results of proof-of-concept research on new security risks associated with smart factories. In this series of 5 columns, based on the results of this research, we will look at the security risks to be aware of when promoting smart factories by examining overlooked attack ...

  • Factory Security Problems from an IT Perspective (Part 2): People, processes, and technology

    May 26, 2020

    This article is the second in a series that discusses the challenges that IT departments face when they are assigned the task of overseeing cybersecurity in factories and implementing measures to overcome these challenges. Before beginning to consider countermeasures, in the first article we explained the source of the challenges while focusing on the differences ...

  • Turla APT Revamps One of Its Go-To Spy Tools

    May 26, 2020

    The Turla APT group has been spotted using an updated version of the ComRAT remote-access trojan (RAT) to attack governmental targets. Turla (a.k.a. Snake, Venomous Bear, Waterbug or Uroboros), is a Russian-speaking threat actor known since 2014, but with roots that go back to 2004 and earlier, according to previous research from Kaspersky. “It is a ...