TZUTC: -0500   
   MSGID: 868.consprcy@1:2320/105 2c554df5   
   PID: Synchronet 3.20a-Linux master/acc19483f Apr 26 202 GCC 12.2.0   
   TID: SBBSecho 3.20-Linux master/acc19483f Apr 26 2024 23:04 GCC 12.2.0   
   BBSID: CAPCITY2   
   CHRS: ASCII 1   
   FBI, CISA warns of new Fast Flux DNS evasion being used by cyber gangs   
      
   Date:   
   Fri, 04 Apr 2025 13:27:00 +0000   
      
   Description:   
   US agencies are urging organizations take a unified stand against the rising   
   threat.   
      
   FULL STORY   
      
   The US Cybersecurity and Infrastructure Agency (CISA) has warned government   
   agencies, internet service providers (ISP), and other organizations, about   
   so-called fast flux attacks which, it says, are becoming a growing problem in   
   cyberspace.    
      
   Fast flux attacks are a technique where attackers rapidly change the IP   
   addresses associated with a malicious domain using a botnet, making it   
   difficult to track and take down.    
      
   This method helps hide phishing sites, malware distribution networks, and   
   command-and-control servers by leveraging a constantly shifting pool of   
   compromised hosts.    
      
   Mitigating the threat    
      
   CISA published a new security advisory to warn about the threat, together    
   with the FBI, NSA, Australian Signals Directorates Australian Cyber Security   
   Centre (ASDs ACSC), Canadian Centre for Cyber Security (CCCS), and New    
   Zealand National Cyber Security Centre (NCSC-NZ).    
      
   Many networks have a gap in their defenses for detecting and blocking a   
   malicious technique known as fast flux, the advisory says.    
      
   This advisory is meant to encourage service providers, especially Protective   
   DNS (PDNS) providers, to help mitigate this threat by taking proactive steps   
   to develop accurate, reliable, and timely fast flux detection analytics and   
   blocking capabilities for their customers.    
      
   CISA also provided guidance on how to detect and mitigate fast flux attacks,   
   which includes adopting a multi-layered approach through DNS analysis,    
   network monitoring, and threat intelligence.    
      
   It further stated agencies should work together on building and deploying   
   scalable solutions that will close the ongoing gap in network defenses.    
      
   Finally, the agencies stressed that some legitimate activity, such as common   
   content delivery network (CDN) behaviors, may look like malicious fast flux   
   activity.    
      
   Protective DNS services, service providers, and network defenders should make   
   reasonable efforts, such as allowlisting expected CDN services, to avoid   
   blocking or impeding legitimate content, the advisory concludes.    
      
    Via The Register   
      
   ======================================================================   
   Link to news story:   
   https://www.techradar.com/pro/security/fbi-cisa-warns-of-new-fast-flux-dns-eva   
   sion-being-used-by-cyber-gangs   
      
   $$   
   --- SBBSecho 3.20-Linux   
    * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)   
   SEEN-BY: 105/81 106/201 128/187 129/305 153/7715 154/110 218/700 226/30   
   SEEN-BY: 227/114 229/110 111 114 206 300 307 317 400 426 428 470 664   
   SEEN-BY: 229/700 705 266/512 291/111 320/219 322/757 342/200 396/45   
   SEEN-BY: 460/58 712/848 902/26 2320/0 105 3634/12 5075/35   
   PATH: 2320/105 229/426