The United States National Security Agency (NSA) has issued a cybersecurity advisory about fast flux, a technique commonly used by cybercriminals to avoid detection.
Fast flux allows bad actors to rapidly change the IP address associated with a domain name. The NSA said that because fast flux allows cybercriminals and nation-state actors to create highly resilient and available command-and-control infrastructures that obfuscate their activities, it poses a threat to national security.
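Because fast flux shows up in DNS as one name resolving to a stream of different IP addresses with short TTLs, defenders can look for exactly that churn in their resolver logs. The script below is an added example written for this article, not code from the NSA advisory; the simplified log format, the sample lines and the thresholds (five or more distinct IPs inside an hour, median TTL of 300 seconds or less) are assumptions to tune against real resolver data.

```python
"""Flag domains whose DNS answers churn the way fast-flux infrastructure does.

Added example for this article; not from the NSA advisory. The heuristics
(many distinct A-record IPs for one name inside a short window, combined with
consistently low TTLs) and the threshold values are assumptions to tune
against your own resolver logs.
"""
import re
import statistics
from collections import defaultdict

# Constructed sample resolver-log lines, not real data, in a simplified
# format: "<epoch> <qname> A <ip> ttl=<seconds>".
SAMPLE_LOG = """\
1700000000 update.example-a.test A 203.0.113.10 ttl=120
1700000130 update.example-a.test A 198.51.100.7 ttl=90
1700000260 update.example-a.test A 203.0.113.44 ttl=60
1700000390 update.example-a.test A 192.0.2.88 ttl=120
1700000520 update.example-a.test A 198.51.100.201 ttl=100
1700000650 update.example-a.test A 192.0.2.5 ttl=60
1700000000 www.example-b.test A 203.0.113.200 ttl=3600
1700003600 www.example-b.test A 203.0.113.200 ttl=3600
1700007200 www.example-b.test A 203.0.113.201 ttl=3600
this line is malformed and is skipped
"""

LINE_RE = re.compile(r"^(\d+)\s+(\S+)\s+A\s+(\S+)\s+ttl=(\d+)$")


def parse_log(text):
    """Group answers by query name: {qname: [(timestamp, ip, ttl), ...]}."""
    by_name = defaultdict(list)
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # ignore lines that do not fit the expected format
        ts, qname, ip, ttl = int(m[1]), m[2].lower().rstrip("."), m[3], int(m[4])
        by_name[qname].append((ts, ip, ttl))
    return dict(by_name)


def max_distinct_ips_in_window(answers, window_s):
    """Largest count of distinct IPs returned for one name within any window_s span."""
    obs = sorted((ts, ip) for ts, ip, _ in answers)
    best = 0
    for i, (start, _) in enumerate(obs):
        in_window = {ip for ts, ip in obs[i:] if ts - start <= window_s}
        best = max(best, len(in_window))
    return best


def detect_fast_flux(text, window_s=3600, min_ips=5, max_median_ttl=300):
    """Return {qname: evidence} for names whose answers look fast-flux-like."""
    flagged = {}
    for qname, answers in parse_log(text).items():
        distinct = max_distinct_ips_in_window(answers, window_s)
        median_ttl = statistics.median(ttl for _, _, ttl in answers)
        # Both signals together: rapid IP rotation and TTLs short enough
        # that resolvers keep re-querying and picking up the new answers.
        if distinct >= min_ips and median_ttl <= max_median_ttl:
            flagged[qname] = {"distinct_ips_in_window": distinct,
                              "median_ttl": median_ttl,
                              "answers": len(answers)}
    return flagged


if __name__ == "__main__":
    for name, evidence in detect_fast_flux(SAMPLE_LOG).items():
        print(f"{name}: {evidence}")
```

Run against the constructed sample, only `update.example-a.test` is reported: six different addresses inside eleven minutes with a median TTL of 95 seconds, while `www.example-b.test` keeps a long TTL and changes address once in two hours. In production the thresholds should be set from a baseline of legitimate names, since large CDNs also rotate addresses and use short TTLs, and the flagged names should be corroborated against threat-intelligence feeds rather than blocked on this signal alone.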
This infrastructure can be exploited to conduct espionage and hide other cyberattacks, like phishing campaigns and distributed denial-of-service (DDoS) attempts. For example, a group known as Gamaredon, which is believed to be linked to Russia, recently used fast flux to conceal spear-phishing attacks against Ukrainian organizations.
What is particularly concerning about this incident is that even though the group’s attacks have been described as “reckless and not particularly focused on stealth,” the threats have still managed to evade detection by leveraging techniques like fast flux.
Cyber Fusion Deployment
This is part of a growing trend where sophisticated technology is lowering the barriers to entry for criminals. Often, bad actors use phishing attacks to gain access to an organization’s systems, after which they can deploy various forms of malware.
As cybercriminals become more cunning and creative, organizations must adapt by expanding their cybersecurity strategies.
“The best defense for financial institutions, and any critical infrastructure industry, is to ensure that threat intel sharing is brought to the fore, through information sharing and analysis center (ISAC) participation and consortium efforts facilitated via private sector collaboration,” said Tracy Goldberg, Director of Fraud & Security at Javelin Strategy & Research.
“The DDoS attacks (waged against the U.S. by the Iranian government) of the mid-2010s took top-tier banking institutions offline,” she said. “It was only after strong intel sharing—facilitated by ISAC participation—around suspicious IP addresses and domains became commonplace that U.S. banks were able to successfully mitigate those attacks. A similar strategy is required here, heightening the need for more cyber-fusion deployment across the financial services sector.”