----------------------------------------------------------------------------------
@MSGID: 31360.politicf@1:2320/105 2c55c510
@TZUTC: -0500
@PID: Synchronet 3.20a-Linux master/acc19483f Apr 26
202 GCC 12.2.0
@TID: SBBSecho 3.20-Linux master/acc19483f Apr 26
2024 23:04 GCC 12.2.0
@BBSID: CAPCITY2
@CHRS: ASCII 1
FBI, CISA warns of new Fast Flux DNS evasion being used by cyber gangs
Date:
Fri, 04 Apr 2025 13:27:00 +0000
Description:
US agencies are urging organizations take a unified stand against the rising
threat.
FULL STORY
The US Cybersecurity and Infrastructure Agency (CISA) has warned government
agencies, internet service providers (ISP), and other organizations, about
so-called fast flux attacks which, it says, are becoming a growing problem in
cyberspace.
Fast flux attacks are a technique where attackers rapidly change the IP
addresses associated with a malicious domain using a botnet, making it
difficult to track and take down.
This method helps hide phishing sites, malware distribution networks, and
command-and-control servers by leveraging a constantly shifting pool of
compromised hosts.
Mitigating the threat
CISA published a new security advisory to warn about the threat, together
with the FBI, NSA, Australian Signals Directorates Australian Cyber Security
Centre (ASDs ACSC), Canadian Centre for Cyber Security (CCCS), and New
Zealand National Cyber Security Centre (NCSC-NZ).
Many networks have a gap in their defenses for detecting and blocking a
malicious technique known as fast flux, the advisory says.
This advisory is meant to encourage service providers, especially Protective
DNS (PDNS) providers, to help mitigate this threat by taking proactive steps
to develop accurate, reliable, and timely fast flux detection analytics and
blocking capabilities for their customers.
CISA also provided guidance on how to detect and mitigate fast flux attacks,
which includes adopting a multi-layered approach through DNS analysis,
network monitoring, and threat intelligence.
It further stated agencies should work together on building and deploying
scalable solutions that will close the ongoing gap in network defenses.
Finally, the agencies stressed that some legitimate activity, such as common
content delivery network (CDN) behaviors, may look like malicious fast flux
activity.
Protective DNS services, service providers, and network defenders should make
reasonable efforts, such as allowlisting expected CDN services, to avoid
blocking or impeding legitimate content, the advisory concludes.
Via The Register
======================================================================
Link to news story:
https://www.techradar.com/pro/security/fbi-cisa-warns-of-new-fast-flux-dns-eva
sion-being-used-by-cyber-gangs
$$
--- SBBSecho 3.20-Linux
* Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)
SEEN-BY: 50/109 103/705 104/119 120/616 124/5016
153/757 154/10 30 50 700
SEEN-BY: 203/0 220/20 90 221/0 6 226/18 44
229/310 240/1120 5832 280/464 5003
SEEN-BY: 280/5006 292/854 8125 301/1 310/31 341/66
234 396/45 423/120 460/58
SEEN-BY: 467/888 633/280 712/848 770/1 2320/0 105
3634/12 5000/111 5020/400
SEEN-BY: 5020/715 846 848 1042 4441 12000 5030/49
1081 5061/133 5075/128
SEEN-BY: 5083/444
@PATH: 2320/105 154/10 280/464 467/888 5020/1042
4441