#NSA warns “fast flux” threatens national #security. What is fast flux anyway?
A technique that hostile nation-states & financially motivated #ransomware groups are using to hide their operations poses a threat to critical #infrastructure & national security, the NSA has warned.
The technique is known as #FastFlux. It allows decentralized networks operated by threat actors to hide their infrastructure and survive takedown attempts that would otherwise succeed.
#privacy
NSA warns “fast flux” threatens national security. What is fast flux anyway? - A technique that hostile nation-states and financially motivated ransomwar... - https://arstechnica.com/security/2025/04/nsa-warns-that-overlooked-botnet-technique-threatens-national-security/ #security #fastflux #biz&it
In case you're not up-to-speed on what #FastFlux #DNS is, it's part of the arms race between attackers and defenders:
THREAT ACTOR: This is my C2 IP
BLUE TEAMER: Blocked at the firewall
TA: Ok, well then, here's my C2 domain. I've rented 50k botnet nodes to use as proxies to my real C2 infrastructure, and I'm going to keep changing the IP the domain points to basically forever. Good luck blocking that. [FAST FLUX]
BT: Blocked the domain's nameserver's IPs at the firewall
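The exchange above describes the behaviour a defender can actually look for: one name whose answers rotate across many addresses in unrelated network blocks, with a short TTL. The following is an added example, not code from anyone in the thread, that applies that heuristic to a small set of constructed A-record observations (the kind of data a resolver log or passive DNS feed would provide). The domain names, addresses and thresholds are assumptions for illustration; a low TTL on its own is not evidence of anything, since CDNs use short TTLs too, so the check requires all three signals together.

```python
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, Iterable, List


@dataclass(frozen=True)
class DnsAnswer:
    """One A-record observation from a resolver log or passive DNS feed."""
    ts: int      # observation time (epoch seconds)
    qname: str   # queried name
    ip: str      # IPv4 address returned in the answer
    ttl: int     # TTL the authoritative server set on the record


def slash24(ip: str) -> str:
    """Collapse an IPv4 address to its /24 block, e.g. 203.0.113.7 -> 203.0.113."""
    return ".".join(ip.split(".")[:3])


def score_domains(records: Iterable[DnsAnswer], window: int = 3600,
                  min_ips: int = 5, min_blocks: int = 3,
                  max_ttl: int = 300) -> Dict[str, dict]:
    """Per queried name, count distinct IPs and /24 blocks seen inside the
    most recent `window` seconds and record the smallest TTL. A name is
    flagged as fast-flux-like only when it has many IPs, spread over several
    blocks, AND a short TTL. Thresholds are assumed starting points, not
    tuned values."""
    by_name: Dict[str, List[DnsAnswer]] = defaultdict(list)
    for r in records:
        by_name[r.qname].append(r)

    result: Dict[str, dict] = {}
    for qname, obs in by_name.items():
        obs.sort(key=lambda r: r.ts)
        latest = obs[-1].ts
        # Only observations within the window of the newest one count;
        # an address seen once months ago is not evidence of rotation.
        recent = [r for r in obs if latest - r.ts <= window]
        ips = {r.ip for r in recent}
        blocks = {slash24(r.ip) for r in recent}
        min_ttl = min(r.ttl for r in recent)
        result[qname] = {
            "ips": len(ips),
            "blocks": len(blocks),
            "min_ttl": min_ttl,
            "flux": len(ips) >= min_ips and len(blocks) >= min_blocks and min_ttl <= max_ttl,
        }
    return result


# Constructed sample observations (RFC 5737 documentation addresses, fake names).
SAMPLE: List[DnsAnswer] = [
    # Rotating name: 8 addresses across 3 blocks in one hour, TTL 60.
    DnsAnswer(7200, "update.evil.example", "192.0.2.10", 60),
    DnsAnswer(7260, "update.evil.example", "198.51.100.3", 60),
    DnsAnswer(7320, "update.evil.example", "203.0.113.5", 60),
    DnsAnswer(7380, "update.evil.example", "192.0.2.77", 60),
    DnsAnswer(7440, "update.evil.example", "198.51.100.91", 60),
    DnsAnswer(7500, "update.evil.example", "203.0.113.44", 60),
    DnsAnswer(7560, "update.evil.example", "192.0.2.200", 60),
    DnsAnswer(7620, "update.evil.example", "203.0.113.120", 60),
    # CDN-style name: short TTL but only two addresses in one block recently;
    # the third address is outside the window and must be ignored.
    DnsAnswer(0,    "www.bigsite.example", "203.0.113.99", 20),
    DnsAnswer(7100, "www.bigsite.example", "203.0.113.20", 20),
    DnsAnswer(7200, "www.bigsite.example", "203.0.113.21", 20),
    # Static corporate host: one address, long TTL.
    DnsAnswer(7000, "mail.corp.example", "198.51.100.25", 3600),
]


if __name__ == "__main__":
    for name, s in score_domains(SAMPLE).items():
        print(f"{name:24} ips={s['ips']} blocks={s['blocks']} "
              f"min_ttl={s['min_ttl']} flux={s['flux']}")
```

Run on the sample, only update.evil.example is flagged; www.bigsite.example has the short TTL but neither the IP count nor the block spread. In a real deployment the /24 grouping is a crude stand-in for ASN or country diversity, which is the stronger signal when you have enrichment data.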
Friendly reminder that you should be blocking all newly registered domains for your end users. Free lists like the NRD (https://github.com/xRuffKez/NRD) exist. Microsoft Defender for Endpoint also has a built-in list you can enable via policy.
IMO everyone should do 365 days but even 30 or 90 will save you so much headache.
#DNS #ThreatIntel #FastFlux
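Two details matter when you turn a newly-registered-domain list into a block decision: the list holds registrable domains, so a query for any subdomain has to match too, and the 30/90/365-day choice above is an age cutoff applied against each entry's registration date. The example below is added here and is not code from the poster or from the linked NRD project; its list format (domain, registration date) is a constructed stand-in and does not claim to be that project's format. The hostnames and dates are made up.

```python
from datetime import date
from typing import Dict, Optional

# Constructed sample list: registrable domain, ISO registration date.
# This is NOT the real format of the linked NRD project.
SAMPLE_NRD = """\
# domain,registered
fresh-login-portal.example,2025-04-01
spring-sale-2025.example,2025-01-15
old-but-listed.example,2024-02-10
"""


def normalize(hostname: str) -> str:
    """Lower-case and strip the trailing dot so lookups are canonical."""
    return hostname.strip().lower().rstrip(".")


def load_nrd(text: str) -> Dict[str, date]:
    """Parse the constructed list into {registrable_domain: registration_date}."""
    entries: Dict[str, date] = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        dom, reg = line.split(",", 1)
        entries[normalize(dom)] = date.fromisoformat(reg.strip())
    return entries


def nrd_match(hostname: str, entries: Dict[str, date]) -> Optional[str]:
    """Walk the label suffixes of the queried name (a.b.c.example, b.c.example,
    c.example, example) and return the first one present in the list. This
    catches subdomains without needing a public-suffix list, because the
    list itself is keyed by registrable domain."""
    labels = normalize(hostname).split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in entries:
            return candidate
    return None


def is_blocked(hostname: str, entries: Dict[str, date], today: date,
               max_age_days: int = 365) -> bool:
    """Block when the name falls under a listed domain registered within
    max_age_days of `today`. Older listed domains age out of the block."""
    matched = nrd_match(hostname, entries)
    if matched is None:
        return False
    return (today - entries[matched]).days <= max_age_days


if __name__ == "__main__":
    nrd = load_nrd(SAMPLE_NRD)
    today = date(2025, 4, 10)
    for name in ("login.fresh-login-portal.example", "spring-sale-2025.example",
                 "old-but-listed.example", "mail.corp.example"):
        for cutoff in (30, 90, 365):
            print(f"{name:34} cutoff={cutoff:3}d blocked={is_blocked(name, nrd, today, cutoff)}")
```

With the constructed data and today set to 2025-04-10, spring-sale-2025.example (85 days old) is blocked at the 90- and 365-day cutoffs but not at 30, which is the trade-off the post is describing: a longer cutoff catches more throwaway domains at the cost of more false positives on legitimate new sites.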
Hey CISA,
Fast flux is over 18 years old and can buy its own cigarettes. Maybe don't portray it as novel...
Sincerely,
A concerned architect