The Canadian Centre for Cyber Security (Cyber Centre) has joined the United States’ National Security Agency (NSA) and the following international partners in releasing cyber security guidance on fast flux:
- Australian Signals Directorate’s (ASD) Australian Cyber Security Centre (ACSC)
- New Zealand’s National Cyber Security Centre (NCSC-NZ)
- United States’ Cybersecurity and Infrastructure Security Agency (CISA)
- United States’ Federal Bureau of Investigation (FBI)
Fast flux is a technique used by threat actors to obfuscate the locations of malicious servers. Threat actors do this by rapidly changing domain name system (DNS) records associated with a domain name. The use of fast flux poses a significant threat to national security. The fast flux technique allows threat actors to create resilient and highly available command and control infrastructure and conceal their malicious activities.
This joint guidance is being released to:
- warn of the ongoing threat of fast flux-enabled malicious activities
- highlight a cyber security gap many defenders have in detecting and blocking fast flux-enabled activities
- emphasize the need for accurate and reliable fast flux detection analytics
- provide guidance on detecting and mitigating fast flux to safeguard critical infrastructure and sensitive information
To protect networks against fast flux operations, the authoring agencies strongly recommend organizations adopt a multi-layered approach by combining the following actions:
- DNS analysis
- network monitoring
- machine learning
- threat intelligence
Implementing robust detection and mitigation strategies can significantly reduce an organization’s risk of compromise.
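As an added illustration of the DNS analysis action (this code is not part of the joint guidance), the following Python flags names whose A records change rapidly across several networks in resolver answer logs. The record layout, the thresholds and the /16 grouping are assumptions chosen for the example, and the sample data is constructed.

```python
import ipaddress
from collections import defaultdict
from statistics import median

# Constructed sample: (epoch seconds, queried name, A record, TTL). Not real traffic.
SAMPLE_ANSWERS = [
    (0,    "cdn.example.test",  "192.0.2.10",     3600),
    (900,  "cdn.example.test",  "192.0.2.11",     3600),
    (0,    "flux.example.test", "192.0.2.77",     120),
    (130,  "flux.example.test", "198.51.100.4",   120),
    (260,  "flux.example.test", "203.0.113.9",    60),
    (390,  "flux.example.test", "198.51.100.200", 60),
    (520,  "flux.example.test", "203.0.113.150",  60),
    (9000, "flux.example.test", "192.0.2.78",     60),
]

# Assumed thresholds for illustration; tune them against your own DNS baseline.
WINDOW_S = 1800       # only compare answers seen within 30 minutes of each other
MIN_IPS = 4           # distinct IPv4 addresses inside the window
MIN_NETS = 3          # distinct /16 networks those addresses fall in
MAX_MEDIAN_TTL = 300  # median TTL (seconds) of the answers inside the window

def flux_candidates(answers):
    """Return {name: (distinct_ips, distinct_nets, median_ttl)} for churning names."""
    by_name = defaultdict(list)
    for ts, name, ip, ttl in answers:
        by_name[name.lower().rstrip(".")].append((ts, ip, ttl))
    flagged = {}
    for name, rows in by_name.items():
        rows.sort()
        start = 0
        for end in range(len(rows)):
            # Slide the window so it never spans more than WINDOW_S seconds.
            while rows[end][0] - rows[start][0] > WINDOW_S:
                start += 1
            window = rows[start:end + 1]
            ips = {ip for _, ip, _ in window}
            nets = {ipaddress.ip_network(f"{ip}/16", strict=False) for ip in ips}
            ttl = median(t for _, _, t in window)
            if len(ips) >= MIN_IPS and len(nets) >= MIN_NETS and ttl <= MAX_MEDIAN_TTL:
                # Keep the window with the most distinct addresses for this name.
                if name not in flagged or len(ips) > flagged[name][0]:
                    flagged[name] = (len(ips), len(nets), ttl)
    return flagged

if __name__ == "__main__":
    for name, stats in flux_candidates(SAMPLE_ANSWERS).items():
        print(name, stats)
```

Names flagged this way are candidates for review against threat intelligence and network monitoring data; the thresholds alone do not establish malicious use.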
Read the full joint guidance Fast Flux: A National Security Threat (PDF).