FastFlux

This technique rapidly rotates the DNS records behind a domain, and therefore the IP addresses it resolves to, so that blocking any single address has little effect and the infrastructure is hard to track down. It is used by cybercriminal organizations and nation-state threat actors and provides resilient C2 infrastructure for ransomware, phishing, and botnets. “Single Flux” refers to rotating only the A records (the IP addresses of the domain itself); “Double Flux” also rotates the authoritative name server (NS) records, so the name servers change along with the hosts. Short TTLs on these records force resolvers to re-query and pick up the new addresses. This is supported by bulletproof hosting services. FastFlux poses a national security threat. It can be mitigated with:

  • DNS Analysis
  • Anomaly Detection
  • IP Blocking
  • Sinkholing
  • Verify PDNS protections
Bulletproof hosting services can use DNS fast flux services.[^1]
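The DNS analysis and anomaly detection items above come down to a few features that are visible in passive DNS (pDNS) data: how many distinct addresses one name has resolved to, how many unrelated networks (ASNs) those addresses sit in, how short the TTLs are, and whether the domain's own name servers show the same churn. The following is an added example, not code from the cited source or from any vendor: a heuristic detector over constructed pDNS rows that labels a name as single flux, double flux, or none. The thresholds, the record shape, and the pre-attached ASNs are assumptions; a real deployment would feed it from a pDNS export and an IP-to-ASN lookup.

```python
"""Heuristic fast-flux detection over passive DNS (pDNS) records.

Added example, not code from the cited source. The records below are
constructed to look like a pDNS export (one row per observed answer) with
the answer's ASN already attached; a real feed and an IP-to-ASN lookup are
assumed and not implemented here.
"""
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class PdnsRecord:
    domain: str          # queried name
    rrtype: str          # "A" or "NS"
    rdata: str           # IPv4 address for A, name server hostname for NS
    ttl: int             # TTL carried in the answer
    asn: Optional[int]   # ASN of rdata for A records (assumed pre-resolved); None for NS


# Thresholds are illustrative assumptions; tune them against your own baseline.
MIN_UNIQUE_IPS = 5    # one name rotating through at least this many addresses
MIN_UNIQUE_ASNS = 3   # spread across unrelated networks (a CDN usually stays in one)
MAX_TTL = 300         # short TTLs force resolvers to re-ask and pick up new IPs


def summarize(records):
    """Per name: distinct A-record IPs, their ASNs, NS hostnames, lowest A TTL seen."""
    feats = defaultdict(lambda: {"ips": set(), "asns": set(), "ns": set(), "min_ttl": None})
    for r in records:
        f = feats[r.domain]
        if r.rrtype == "A":
            f["ips"].add(r.rdata)
            if r.asn is not None:
                f["asns"].add(r.asn)
            f["min_ttl"] = r.ttl if f["min_ttl"] is None else min(f["min_ttl"], r.ttl)
        elif r.rrtype == "NS":
            f["ns"].add(r.rdata.rstrip(".").lower())
    return feats


def looks_fluxed(f):
    """Single-flux signal: many IPs across many ASNs with a short TTL on one name."""
    return (len(f["ips"]) >= MIN_UNIQUE_IPS
            and len(f["asns"]) >= MIN_UNIQUE_ASNS
            and f["min_ttl"] is not None and f["min_ttl"] <= MAX_TTL)


def classify(records):
    """Return {domain: "double flux" | "single flux" | "none"} for names that have NS records."""
    feats = summarize(records)
    verdicts = {}
    for domain, f in feats.items():
        if not f["ns"]:
            continue  # name-server hostnames are inputs to the check, not subjects of it
        if not looks_fluxed(f):
            verdicts[domain] = "none"
            continue
        # Double flux: pool the A records of the domain's own name servers and
        # apply the same test; if they rotate too, the NS layer is fluxing.
        pool = {"ips": set(), "asns": set(), "min_ttl": None}
        for ns in f["ns"]:
            g = feats.get(ns)
            if g is None:
                continue
            pool["ips"] |= g["ips"]
            pool["asns"] |= g["asns"]
            if g["min_ttl"] is not None:
                pool["min_ttl"] = g["min_ttl"] if pool["min_ttl"] is None else min(pool["min_ttl"], g["min_ttl"])
        verdicts[domain] = "double flux" if looks_fluxed(pool) else "single flux"
    return verdicts


def sample_records():
    """Constructed pDNS rows (RFC 5737 addresses, RFC 5398 ASNs), not real observations."""
    rows = []
    flux_ips = [("192.0.2.10", 64496), ("198.51.100.20", 64497), ("203.0.113.30", 64498),
                ("192.0.2.40", 64499), ("198.51.100.50", 64496), ("203.0.113.60", 64497)]
    # flux.example: A records hop across 6 IPs in 4 ASNs at TTL 60, and so do its name servers.
    for ip, asn in flux_ips:
        rows.append(PdnsRecord("flux.example", "A", ip, 60, asn))
    for ns in ("ns1.flux.example", "ns2.flux.example"):
        rows.append(PdnsRecord("flux.example", "NS", ns, 60, None))
        for ip, asn in flux_ips:
            rows.append(PdnsRecord(ns, "A", ip, 60, asn))
    # single.example: the same rotating A records, but one stable name server.
    for ip, asn in flux_ips:
        rows.append(PdnsRecord("single.example", "A", ip, 120, asn))
    rows.append(PdnsRecord("single.example", "NS", "ns.single.example", 3600, None))
    rows.append(PdnsRecord("ns.single.example", "A", "198.51.100.200", 3600, 64509))
    # cdn.example: many IPs and a short TTL, but all in one ASN, like a legitimate CDN.
    for i in range(8):
        rows.append(PdnsRecord("cdn.example", "A", f"203.0.113.{100 + i}", 30, 64511))
    rows.append(PdnsRecord("cdn.example", "NS", "ns.cdn.example", 3600, None))
    rows.append(PdnsRecord("ns.cdn.example", "A", "203.0.113.200", 3600, 64511))
    # static.example: one address, long TTL.
    rows.append(PdnsRecord("static.example", "A", "192.0.2.200", 86400, 64510))
    rows.append(PdnsRecord("static.example", "NS", "ns.static.example", 86400, None))
    rows.append(PdnsRecord("ns.static.example", "A", "192.0.2.201", 86400, 64510))
    return rows


if __name__ == "__main__":
    for name, verdict in sorted(classify(sample_records()).items()):
        print(f"{name:16} {verdict}")
```

The ASN-diversity requirement is what keeps the CDN sample from firing: content delivery networks also answer with many addresses and short TTLs, but from their own network, whereas a fast-flux pool of compromised hosts spans residential and hosting ASNs. Double flux is caught by turning the same test on the name servers' own A records rather than on the NS names, since the NS hostnames themselves often stay constant while their addresses rotate.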

Backlinks

[[Botnet]]
[[Bulletproof Web Hosting]]
DNS
IP Addresses
[[Phishing]]
Ransomware
[[Threat Actor]]

Sources

[1] “VPS Exploitation by Threat Actors.” CYFIRMA, Dec. 30, 2022. [Online]. Available: https://www.cyfirma.com/research/vps-exploitation-by-threat-actors/