NSA warns “fast flux” threatens national security. What is fast flux anyway?


A technique that hostile nation-states and financially motivated ransomware groups are using to hide their operations poses a threat to critical infrastructure and national security, the National Security Agency has warned.

The technique is known as fast flux. It allows decentralized networks operated by threat actors to hide their infrastructure and survive takedown attempts that would otherwise succeed. Fast flux works by cycling through a range of IP addresses and domain names that these botnets use to connect to the Internet. In some cases, IPs and domain names change every day or two; in other cases, they change almost hourly. The constant flux complicates the task of isolating the true origin of the infrastructure.

Read more…
Source: ArsTechnica


Sign up for our Newsletter
The latest news and insights delivered right to your inbox.


Related:

  • Zeppelin: Russian Ransomware Targets High Profile Users in the U.S. and Europe

    December 11, 2019

    Zeppelin is the newest member of the Delphi-based Ransomware-as-a-Service (RaaS) family initially known as Vega or VegaLocker. Although it’s clearly based on the same code and shares most of its features with its predecessors, the campaign that it’s been part of differs significantly from campaigns involving the previous versions of this malware. Vega samples were first ...

  • The quiet evolution of phishing

    December 11, 2019

    The battle against phishing is a silent one: every day, Office 365 Advanced Threat Protection detects millions of distinct malicious URLs and email attachments. Every year, billions of phishing emails don’t ever reach mailboxes—real-world attacks foiled in real-time. Heuristics, detonation, and machine learning, enriched by signals from Microsoft Threat Protection services, provide dynamic, robust protection against email threats. Phishers have been ...

  • Story of the year 2019: Cities under ransomware siege

    December 11, 2019

    Overall awareness of the need for security measures is growing, and cybercriminals are increasing the precision of their targeting to locate victims with security breaches in their defense systems. Looking back at the past three years, the share of users targeted with ransomware in the overall number of malware detections has risen from 2.8% to 3.5%. While ...

  • Waterbear is Back, Uses API Hooking to Evade Security Product Detection

    December 11, 2019

    Waterbear, which has been around for several years, is a campaign that uses modular malware capable of including additional functions remotely. It is associated with the cyberespionage group BlackTech, which mainly targets technology companies and government agencies in East Asia (specifically Taiwan, and in some instances, Japan and Hong Kong) and is responsible for some infamous campaigns ...

  • Windows 0-day exploit CVE-2019-1458 used in Operation WizardOpium

    December 11, 2019

    In November 2019, Kaspersky technologies successfully detected a Google Chrome 0-day exploit that was used in Operation WizardOpium attacks. During our investigation, we discovered that yet another 0-day exploit was used in those attacks. The exploit for Google Chrome embeds a 0-day EoP exploit (CVE-2019-1458) that is used to gain higher privileges on the infected machine as ...

  • New Plundervolt attack impacts Intel CPUs

    December 10, 2019

    Academics from three universities across Europe have disclosed today a new attack that impacts the integrity of data stored inside Intel SGX, a highly-secured area of Intel CPUs. The attack, which researchers have named Plundervolt, exploits the interface through which an operating system can control an Intel processor’s voltage and frequency — the same interface that allows ...