US, Australia, Canada warn of ‘fast flux’ scheme used by ransomware gangs therecord.media/us-austra…

Ransomware gangs and Russian government hackers are increasingly turning to an old tactic called “fast flux” to hide the location of infrastructure used in cyberattacks. Cybercriminals and nation-state actors use the fast flux technique to rapidly change the Domain Name System (DNS) records associated with a single domain name — hiding the locations of malicious servers, according to an advisory published on Thursday by cybersecurity agencies in the U.S., Australia, Canada and New Zealand.

Officials explained that malicious actors hack into devices and networks using malware that needs to “call home” to threat actors and send status updates or receive further instructions.

“To decrease the risk of detection by network defenders, malicious cyber actors use dynamic resolution techniques, such as fast flux, so their communications are less likely to be detected as malicious and blocked,” the agencies said.
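A defender-side heuristic for the behaviour described above, as an added example that is not from the article or the advisory: it flags names whose A-record answers churn across many addresses and networks with short TTLs. The log tuple layout, thresholds and function names are assumptions, and the sample answers are constructed (IPv4 only).

```python
import ipaddress
from collections import defaultdict
from statistics import median

# Constructed sample of DNS A-record answers: (epoch_s, name, ip, ttl_s).
# Names use reserved TLDs; addresses are RFC 5737 documentation ranges.
SAMPLE_ANSWERS = [
    (0, "static.example", "192.0.2.10", 3600),
    (1800, "static.example", "192.0.2.10", 3600),
    # Short TTL and several IPs, but all inside one /24 (load-balancer style).
    (0, "rotating.example", "198.51.100.1", 60),
    (300, "rotating.example", "198.51.100.2", 60),
    (600, "rotating.example", "198.51.100.3", 60),
    (900, "rotating.example", "198.51.100.4", 60),
    (1200, "rotating.example", "198.51.100.5", 60),
    # Short TTL and IPs scattered over unrelated networks (flux style).
    (0, "flux.invalid", "192.0.2.77", 120),
    (200, "flux.invalid", "198.51.100.91", 120),
    (400, "flux.invalid", "203.0.113.5", 120),
    (600, "flux.invalid", "192.0.2.140", 120),
    (800, "flux.invalid", "203.0.113.200", 120),
    (1000, "flux.invalid", "198.51.100.33", 120),
]


def summarize(answers, window_s=3600):
    """Per name: (distinct IPs, distinct /24 networks, median TTL) within the window."""
    if not answers:
        return {}
    start = min(ts for ts, *_ in answers)
    seen = defaultdict(lambda: {"ips": set(), "nets": set(), "ttls": []})
    for ts, name, ip, ttl in answers:
        if ts - start >= window_s:
            continue  # outside the observation window
        entry = seen[name.lower().rstrip(".")]
        entry["ips"].add(ip)
        entry["nets"].add(ipaddress.ip_network(f"{ip}/24", strict=False))
        entry["ttls"].append(ttl)
    return {n: (len(e["ips"]), len(e["nets"]), median(e["ttls"]))
            for n, e in seen.items()}


def flag_fast_flux(answers, min_ips=5, min_nets=3, max_ttl=300, window_s=3600):
    """Names with many IPs AND many networks AND short TTLs (assumed thresholds)."""
    return sorted(name for name, (ips, nets, ttl) in summarize(answers, window_s).items()
                  if ips >= min_ips and nets >= min_nets and ttl <= max_ttl)


if __name__ == "__main__":
    print("flagged:", flag_fast_flux(SAMPLE_ANSWERS))
```

Requiring network diversity keeps the single-subnet rotator out of the results, but legitimate CDNs can still match, so hits are leads to review against an allowlist rather than verdicts.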
