|
Joint Guidance: Fast Flux - A
National Security Threat
April 04, 2025
Technical Advisories
The National Cyber Security Centre
and international partners are warning against a
malicious cyber technique known as fast flux that
presents a persistent threat to network security. Many
networks have a gap in their defences for detecting and
blocking this malicious technique.
Fast flux enables cyber actors to
consistently evade detection and is used by nation-state
actors and cyber criminals to obfuscate the locations of
malicious servers by rapidly changing Domain Name System
(DNS) records.
This technique also allows
malicious actors to create resilient, highly available
command and control (C2) infrastructure, which conceals
their subsequent malicious operations. This resilient
and fast-changing infrastructure makes tracking and
blocking of malicious activities that use fast flux more
difficult.
This advisory warns organisations,
internet service providers (ISPs), and cyber security
service providers (CSPs) of the ongoing threat of fast
flux-enabled malicious activities and the gap that many
networks have in defending against it.
We encourage ISPs and CSPs,
especially Protective DNS (PDNS) providers, to help
mitigate this threat by taking proactive steps to
develop accurate and reliable fast flux detection
analytics and block these activities for their
customers.
This advisory also provides
guidance on detecting and mitigating fast flux by
adopting a multi-layered approach that combines DNS
analysis, network monitoring, and threat intelligence to
protect networks against fast flux operations.
The authoring agencies recommend
government and critical infrastructure organisations
close this ongoing gap in many networks’ defences by
using cyber security and PDNS services that block
malicious fast flux activity.
By implementing robust detection
and mitigation strategies, organisations can
significantly reduce their risk of compromise by fast
flux-enabled threats.
The NCSC will add any fast flux
indicators to the Malware Free Networks Service (MFN)
feed if they become available.
|
.gif)
.gif)
.jpg){kind=logo}
