NSA warns “fast flux” threatens national security. What is fast flux anyway?


A technique that hostile nation-states and financially motivated ransomware groups are using to hide their operations poses a threat to critical infrastructure and national security, the National Security Agency has warned.

The technique is known as fast flux. It allows decentralized networks operated by threat actors to hide their infrastructure and survive takedown attempts that would otherwise succeed. Fast flux works by cycling through a range of IP addresses and domain names that these botnets use to connect to the Internet. In some cases, IPs and domain names change every day or two; in other cases, they change almost hourly. The constant flux complicates the task of isolating the true origin of the infrastructure.

Read more…
Source: ArsTechnica


Sign up for our Newsletter
The latest news and insights delivered right to your inbox.


Related:

  • Molerats Delivers Spark Backdoor to Government and Telecommunications Organizations

    March 3, 2020

    Between October 2019 through the beginning of December 2019, Unit 42 observed multiple instances of phishing attacks likely related to a threat group known as Molerats (AKA Gaza Hackers Team and Gaza Cybergang) targeting eight organizations in six different countries in the government, telecommunications, insurance and retail industries, of which the latter two were quite ...

  • TrickBot Adds ActiveX Control, Hides Dropper in Images

    March 2, 2020

    The TrickBot banking trojan has gotten trickier, with the addition of a Windows 10 ActiveX control to execute malicious macros in boobytrapped documents. Michael Gorelik, researcher at Morphisec Labs, said that at least two dozen documents have come to light in the last few weeks that use ActiveX—a feature in Remote Desktop Protocol (RDP) – to ...

  • What to know about cyberattacks targeting energy pipelines

    March 1, 2020

    The Department of Homeland Security (DHS) this past month disclosed a disruptive cyberattack on a U.S. energy facility, raising new concerns about protections for energy providers. The Cybersecurity and Infrastructure Security Agency (CISA), a division of DHS, said a ransomware attack hit a “natural gas compression facility,” leading to a two-day shutdown for the entire pipeline. While the agency ...

  • RSAC 2020: Ransomware a ‘National Crisis,’ CISA Says, Ramps ICS Focus

    February 28, 2020

    Industrial control systems (ICS) and critical infrastructure will be a main focus for the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) this year – especially as ransomware looms as a main threat to the sector going forward. That’s according to Christopher Krebs, director of CISA, speaking at RSA Conference 2020 this week. “My agency ...

  • Roaming Mantis, part V

    February 27, 2020

    Kaspersky has continued to track the Roaming Mantis campaign. The group’s attack methods have improved and new targets continuously added in order to steal more funds. The attackers’ focus has also shifted to techniques that avoid tracking and research: whitelist for distribution, analysis environment detection and so on. We’ve also observed new malware families: Fakecop (also ...

  • Billions of Devices Open to Wi-Fi Eavesdropping Attacks

    February 26, 2020

    A serious vulnerability in Wi-Fi chips has been discovered that affects billions of devices worldwide, according to researchers. It allows attackers to eavesdrop on Wi-Fi communications. The bug (CVE-2019-15126) stems from the use of an all-zero encryption key in chips made by Broadcom and Cypress, according to researchers at ESET, which results in data decryption. This ...