Now more than ever, cybersecurity is defined by an ongoing arms race.
As enterprises and organizations seek to secure their perimeters with sophisticated technological walls, leveraging artificial intelligence (AI), machine learning and other tactics, threat actors and cybercriminals are working to build taller and taller ladders to probe for vulnerabilities.
At times, it can feel as though nearly every week a new attack is revealed. For example, on April 4, the food giant WK Kellogg Co notified its employees and vendors that company data was stolen during an earlier attack.
New cyberattacks also bring with them new cybertactics as criminals hone their toolkits. On April 3, the U.S. National Security Agency (NSA), Cybersecurity and Infrastructure Security Agency (CISA), and the FBI, along with foreign peer organizations, released a joint cybersecurity advisory (CSA) warning that many networks have a gap in their defenses for detecting and blocking a malicious technique known as “fast flux.”
Fast flux, a sophisticated technique used by cybercriminals and nation-state actors, works by rapidly changing Domain Name System (DNS) records. This allows attackers to obscure the locations of their malicious servers and build resilient command-and-control (C2) infrastructures.
In the relentless cat-and-mouse game between cybersecurity professionals and threat actors, the fast flux technique’s ability to maintain operational integrity through constant flux could present a dire challenge for defenders.
Fast Flux’s Impact on Security

At its core, fast flux leverages the dependency of internet architecture on DNS infrastructure. DNS operates as the internet’s phonebook, translating human-readable domain names into IP addresses that computers use to communicate. Attackers using fast flux effectively weaponize this dependency by continuously altering the DNS mapping of their malicious domains.
While fast flux can be employed for legitimate purposes such as enhancing the performance of content delivery networks (CDNs) or load balancers, its misuse by malicious actors presents a growing threat.
The technique, which leverages a network of compromised devices acting as proxies, poses challenges to detection and mitigation efforts. As networks depend on DNS infrastructure, fast flux attacks are able to exploit this dependency to enhance their durability and evasiveness. Even when security teams successfully blacklist an IP address, the attacker’s infrastructure can remain operational through alternate IPs within seconds.
The success of fast flux attacks lies in their exploitation of two critical factors: scale and adaptability. With the proliferation of internet-connected devices, the pool of vulnerable systems that can be co-opted into a botnet has grown exponentially. Attackers frequently leverage these compromised systems to form resilient networks capable of handling immense traffic loads.
Effective Mitigation Strategies

In interviews for the “What’s Next in Payments” series, a panel of executives explained to PYMNTS that a multilayered security strategy, also known as defense in depth, reduces risks at various levels.
Per the guidance issued by the U.S. defense agencies, addressing fast flux requires a multilayered approach that combines DNS analysis, network monitoring, and threat intelligence.
Key measures can include DNS and IP blocking, sinkholing, and reputational filtering of malicious fast flux domains; enhanced monitoring and logging of DNS traffic to identify anomalous activities; collaboration with trusted partners to share detected indicators of compromise and bolster collective defenses; and implementing training programs to enhance phishing awareness and readiness.
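As an added illustration of the DNS monitoring and logging measure above (example code written for this page, not part of the advisory or of PYMNTS's text): a triage heuristic that flags domains whose resolver answers rotate across many addresses and network prefixes at short TTLs, while leaving a legitimate CDN-style domain with a small, single-prefix address pool unflagged. The log line format, thresholds and allowlist are assumptions, and the sample log lines are constructed.

```python
import re
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed resolver log lines (not real traffic). Assumed format:
# <epoch> <qname> A <answer_ip> ttl=<seconds>
SAMPLE_LOG = """\
1712200000 update-check.example.net A 198.51.100.7 ttl=60
1712200065 update-check.example.net A 203.0.113.44 ttl=60
1712200130 update-check.example.net A 192.0.2.91 ttl=60
1712200195 update-check.example.net A 198.51.100.200 ttl=60
1712200260 update-check.example.net A 203.0.113.9 ttl=60
1712200325 update-check.example.net A 192.0.2.18 ttl=60
1712200000 cdn.example.com A 192.0.2.10 ttl=30
1712200030 cdn.example.com A 192.0.2.11 ttl=30
1712200060 cdn.example.com A 192.0.2.12 ttl=30
1712200000 intranet.example.org A 10.0.5.20 ttl=3600
1712203600 intranet.example.org A 10.0.5.20 ttl=3600
"""

LINE_RE = re.compile(r"^(\d+) (\S+) A (\S+) ttl=(\d+)$")


def parse_log(text):
    """Yield (ts, qname, ip, ttl) for each well-formed line; skip the rest."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield int(m.group(1)), m.group(2).lower(), ip_address(m.group(3)), int(m.group(4))


def flux_score(text, min_ips=5, min_prefixes=3, max_ttl=300, allowlist=()):
    """Return {qname: stats} for domains whose answer set looks fast-flux-like.

    A domain is flagged only when it combines many unique answers, answers
    spread over several /16 prefixes, and a short TTL. Low TTL alone is not
    enough: CDNs and load balancers also rotate addresses, so known-good
    names go in `allowlist` and results are a starting point for analysts.
    """
    ips, ttls = defaultdict(set), defaultdict(list)
    for _ts, qname, ip, ttl in parse_log(text):
        ips[qname].add(ip)
        ttls[qname].append(ttl)
    flagged = {}
    for qname, addrs in ips.items():
        if qname in allowlist:
            continue
        prefixes = {ip_network(f"{a}/16", strict=False) for a in addrs}  # IPv4 sample data
        min_ttl = min(ttls[qname])
        if len(addrs) >= min_ips and len(prefixes) >= min_prefixes and min_ttl <= max_ttl:
            flagged[qname] = {"unique_ips": len(addrs), "slash16s": len(prefixes), "min_ttl": min_ttl}
    return flagged


if __name__ == "__main__":
    for name, stats in flux_score(SAMPLE_LOG).items():
        print(f"possible fast flux: {name} {stats}")
```

Flagged names are candidates for the sinkholing, reputational filtering and partner sharing the advisory describes, not automatic block decisions.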
While technical solutions such as DNS analysis and monitoring are crucial, collaboration across the cybersecurity community remains essential. By sharing intelligence and coordinating efforts, stakeholders can enhance their defenses against this evolving threat.
“If you’re not automating and continuously testing, you’re going to be outpaced. Cybercriminals are optimizing their ROI. They’ll target the weakest link,” Santiago Rosenblatt, founder and CEO of Strike, told PYMNTS.
According to the PYMNTS Intelligence report “Cybersecurity Risks Cause Middle-Market CFOs to Cancel Innovation Plans,” 44% of middle-market firms have invested in cybersecurity defenses.
Within the banking sector specifically, the separate PYMNTS Intelligence report “The State of Fraud and Financial Crime in the U.S.: What FIs Need to Know” found that 76% of financial institutions (FIs) plan to implement or upgrade fraud detection systems, up from 49% in 2023. However, at the same time, 83% of FIs cited cost as a barrier to upgrading.
The post US Agencies Warn of ‘Fast Flux’ Attacks Derailing Enterprise Networks appeared first on PYMNTS.com.