How to mitigate DNS attacks

Fast flux is one of many types of DNS attack, but there are tactics organizations can use to mitigate them. In the case of fast flux, the report recommends that:

- defenders should use cybersecurity and PDNS services that detect and block fast flux. “By leveraging providers that detect fast flux and implement capabilities for DNS and IP blocking, sinkholing, reputational filtering, enhanced monitoring, logging, and collaborative defense of malicious fast flux domains and IP addresses, organizations can mitigate many risks associated with fast flux and maintain a more secure environment,” says the report;
- ISPs and cybersecurity service providers, especially PDNS providers, should implement a multi-layered approach in co-ordination with customers for detection.

Tactics include:

- using threat intelligence feeds and reputation services to identify known fast flux domains and associated IP addresses;
- implementing anomaly detection systems for DNS query logs to identify domains exhibiting high entropy or IP diversity in DNS responses and frequent IP address rotations;
- analyzing the time-to-live (TTL) values in DNS records, because fast flux domains often have unusually low TTL values;
- reviewing DNS resolution for inconsistent geolocation;
- monitoring for signs of phishing activities, such as suspicious emails, websites, or links, and correlating these with fast flux activity, and more.

As might be expected, because fast flux is used to hide C2 servers, it is linked to phishing attacks. So the advisory says all IT departments should watch for signs of phishing activity and correlate these with fast flux activity. One defensive tactic: phishing awareness training.
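The detection tactics listed above (IP diversity and entropy in DNS answers, frequent address rotation, low TTLs, inconsistent geolocation) can be turned into a simple per-domain triage over resolver logs. The following is an added example written for this page, not code from the advisory or from any PDNS vendor. It assumes a simplified log line format ("epoch qname rrtype ttl answer1,answer2,..."), a small constructed IP-to-country table standing in for a real GeoIP lookup, and illustrative thresholds; all sample data below is constructed around documentation address ranges.

```python
"""Heuristic fast-flux triage over DNS resolver logs (added example, constructed data)."""
import math
from collections import Counter, defaultdict

# Constructed sample of resolver response logs. The line format is an assumption
# made for this example, not the output format of any particular resolver:
#   "<epoch> <qname> <rrtype> <ttl> <comma-separated answers>"
SAMPLE_LOG = """\
1700000000 flux.example A 60 198.51.100.10,203.0.113.5
1700000060 flux.example A 60 203.0.113.5,192.0.2.77
1700000120 flux.example A 60 192.0.2.77,198.51.100.200
1700000180 flux.example A 45 198.51.100.200,203.0.113.140
1700000240 flux.example A 60 203.0.113.140,192.0.2.9
1700000300 flux.example A 60 192.0.2.9,198.51.100.10
1700000000 static.example A 3600 192.0.2.1,192.0.2.2
1700000060 static.example A 3600 192.0.2.1,192.0.2.2
1700000120 static.example A 3600 192.0.2.2,192.0.2.1
1700000180 static.example A 3600 192.0.2.1,192.0.2.2
1700000240 static.example A 3600 192.0.2.1,192.0.2.2
1700000300 static.example A 3600 192.0.2.1,192.0.2.2
"""

# Constructed stand-in for a GeoIP database lookup (an assumption for this example).
GEO = {
    "198.51.100.10": "US", "203.0.113.5": "DE", "192.0.2.77": "BR",
    "198.51.100.200": "IN", "203.0.113.140": "US", "192.0.2.9": "JP",
    "192.0.2.1": "US", "192.0.2.2": "US",
}


def parse_log(text):
    """Parse log lines into (ts, qname, ttl, frozenset(answers)); malformed lines are skipped."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5 or parts[2] != "A":
            continue
        ts, qname, _, ttl, answers = parts
        records.append((int(ts), qname.lower().rstrip("."), int(ttl),
                        frozenset(answers.split(","))))
    return records


def shannon_entropy(items):
    """Shannon entropy (bits) of the answer-IP distribution: high values mean many IPs seen evenly."""
    counts = Counter(items)
    n = len(items)
    return -sum((c / n) * math.log2(c / n) for c in counts.values())


def score_domain(records, geo=GEO, ttl_max=300, min_ips=5, min_rotations=3,
                 min_countries=3, min_entropy=2.0):
    """Compute the advisory's indicators for one domain; thresholds are illustrative assumptions."""
    records = sorted(records, key=lambda r: r[0])
    all_ips = [ip for _, _, _, ans in records for ip in sorted(ans)]
    distinct_ips = set(all_ips)
    # A rotation is any response whose answer set differs from the previous response's set
    # (frozensets make the comparison order-independent).
    rotations = sum(1 for (_, _, _, a), (_, _, _, b) in zip(records, records[1:]) if a != b)
    countries = {geo.get(ip, "??") for ip in distinct_ips}
    metrics = {
        "responses": len(records),
        "distinct_ips": len(distinct_ips),
        "distinct_subnets": len({ip.rsplit(".", 1)[0] for ip in distinct_ips}),  # /24 prefixes
        "rotations": rotations,
        "ttl_min": min(ttl for _, _, ttl, _ in records),
        "countries": len(countries),
        "entropy": shannon_entropy(all_ips),
    }
    indicators = {
        "low_ttl": metrics["ttl_min"] <= ttl_max,
        "ip_diversity": metrics["distinct_ips"] >= min_ips,
        "frequent_rotation": rotations >= min_rotations,
        "inconsistent_geo": metrics["countries"] >= min_countries,
        "high_entropy": metrics["entropy"] >= min_entropy,
    }
    metrics["indicators"] = indicators
    # Flag only when several independent signals agree, to limit false positives from
    # legitimate CDNs that also rotate addresses and use short TTLs.
    metrics["flagged"] = sum(indicators.values()) >= 3
    return metrics


def analyze(text):
    """Group parsed records by query name and score each domain."""
    by_domain = defaultdict(list)
    for rec in parse_log(text):
        by_domain[rec[1]].append(rec)
    return {qname: score_domain(recs) for qname, recs in by_domain.items()}


if __name__ == "__main__":
    for qname, m in analyze(SAMPLE_LOG).items():
        print(qname, "FLAGGED" if m["flagged"] else "ok", {k: v for k, v in m.items() if k != "indicators"})
```

Requiring several indicators to agree matters in practice: content delivery networks also answer with rotating addresses and short TTLs, so a low TTL alone is weak evidence, whereas low TTL combined with answers spread across many /24s and countries is the pattern the advisory describes. Flagged domains should be correlated with phishing telemetry and threat intelligence feeds before any blocking or sinkholing decision.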
First seen on csoonline.com
Jump to article: www.csoonline.com/article/3954873/cyber-agencies-urge-organizations-to-collaborate-to-stop-fast-flux-dns-attacks.html