Hackers have turned to 'fast flux' techniques to evade security solutions

When law enforcement agencies take down a botnet or a major spam or phishing operation, it usually involves disabling servers and hosting services. To counter these measures, criminals have started turning towards a new technique called “fast flux”.

This is according to a new report from cybersecurity firm Unit 42, which explains that fast flux increases the resilience of criminal infrastructure by making it harder to take down servers and blacklist their IP addresses.

Describing the practice, Unit 42 says fast flux is, in theory, not that much different from contingency plans made by benign service providers and that the motivation is basically the same: ensuring uptime. This is achieved by utilizing round-robin in the Domain Name System (RRDNS) or Content Delivery Networks (CDNs), the company said.

Cybercriminals also use DNS to quickly rotate through many bots, using each one for only a brief period of time, which makes it harder for law enforcement agencies to block known IP addresses.

“While more basic techniques can be easily countered, advanced techniques result in a cat-and-mouse game between cybercriminals and law enforcement,” said Unit 42.

“Double fluxing can make IP-based blocklists and host takedowns ineffective. Domain Generation Algorithm (DGA) domains make static domain blocklists and domain takeovers less effective.”
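A defender-side view of the rotation described above, as an added example that is not taken from the Unit 42 report or from this article: a heuristic that flags domains in passive DNS data whose A records combine short TTLs with churn across many addresses and networks. The thresholds, the /24 grouping and the sample records are assumptions chosen for illustration.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network
from statistics import median

# Constructed passive-DNS observations: (unix_time, domain, A-record IP, TTL in seconds).
# Names and addresses come from reserved documentation ranges; this is not real telemetry.
SAMPLE = [
    (0,    "flux.example", "192.0.2.10",     60),
    (120,  "flux.example", "198.51.100.23",  60),
    (240,  "flux.example", "203.0.113.77",   60),
    (360,  "flux.example", "192.0.2.200",    60),
    (480,  "flux.example", "198.51.100.140", 60),
    (600,  "flux.example", "203.0.113.5",    60),
    (0,    "rr.example",   "192.0.2.1",      3600),  # ordinary round-robin, long TTL
    (300,  "rr.example",   "192.0.2.2",      3600),
    (600,  "rr.example",   "192.0.2.3",      3600),
    (0,    "cdn.example",  "198.51.100.1",   30),    # short TTL but a small, stable pool
    (300,  "cdn.example",  "198.51.100.2",   30),
    (600,  "cdn.example",  "198.51.100.1",   30),
]

def flux_candidates(records, window=3600, max_ttl=300, min_ips=5, min_networks=3):
    """Return {domain: stats} for domains whose A records churn like fast flux.

    All thresholds are illustrative assumptions. Networks are approximated by
    IPv4 /24 prefixes; a production check would map addresses to ASNs instead.
    """
    by_domain = defaultdict(list)
    for ts, domain, ip, ttl in records:
        by_domain[domain.lower().rstrip(".")].append((ts, ip_address(ip), ttl))

    flagged = {}
    for domain, obs in by_domain.items():
        latest = max(ts for ts, _, _ in obs)
        recent = [o for o in obs if latest - o[0] <= window]
        ips = {ip for _, ip, _ in recent}
        nets = {ip_network(f"{ip}/24", strict=False) for ip in ips}
        ttl = median(t for _, _, t in recent)
        # Benign RRDNS and CDNs also rotate answers, so require all three signals:
        # short TTL, many distinct addresses, and spread across unrelated networks.
        if ttl <= max_ttl and len(ips) >= min_ips and len(nets) >= min_networks:
            flagged[domain] = {"ips": len(ips), "networks": len(nets), "median_ttl": ttl}
    return flagged

if __name__ == "__main__":
    for name, stats in flux_candidates(SAMPLE).items():
        print(name, stats)
```

Requiring all three signals together is what separates the flagged domain from the round-robin and CDN-style entries in the sample, which each match at most one of them.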

Sead Fadilpašić is a freelance tech writer and journalist with more than 17 years' experience writing technology-focussed news, blogs, whitepapers, reviews, and ebooks. His work has featured in online media outlets from all over the world, including Al Jazeera Balkans (where he was a Multimedia Journalist), Crypto News, TechRadar Pro, and IT Pro Portal, where he has written news and features for over five years. Sead's experience also includes writing for inbound marketing, where he creates technology-based content for clients from London to Singapore. Sead is a HubSpot-certified content creator.