Cybersecurity agencies from Australia, Canada, New Zealand and the United States have published a joint advisory on the risks related to a technique called fast flux, which has been adopted by threat actors to obscure a command-and-control (C2) channel.
"'Fast flux' is a technique used to obfuscate malicious servers through rapidly changing Domain Name System (DNS) records associated with a single domain name," the agencies noted. "This threat exploits a gap commonly found in network defenses, making the tracking and blocking of malicious fast flux activities difficult."
The advisory comes from the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), the Federal Bureau of Investigation (FBI), the Australian Cyber Security Centre, the Canadian Centre for Cyber Security, and New Zealand's National Cyber Security Centre.
In recent years, many hacking groups have adopted fast flux, including threat actors linked to Gamaredon, CryptoChameleon, and Raspberry Robin, seeking to make their malicious infrastructure evade detection and law enforcement.
The approach essentially entails using a variety of IP addresses and rotating them in rapid succession, all pointing to one malicious domain. It was first discovered in the wild in 2007 as part of the Honeynet Project.
It can be either single flux, where one domain name is linked to numerous IP addresses, or double flux, where, in addition to the changing IP addresses, the DNS name servers responsible for resolving the domain also change frequently, offering an extra layer of redundancy and anonymity for rogue domains.
"A fast flux network is 'fast' because, using DNS, it quickly rotates through numerous bots, using each one for only a short time to make IP-based denylisting and takedown efforts difficult," Palo Alto Networks Unit 42 noted in a report published in 2021.
Describing fast flux as a threat to national security, the agencies stated that threat actors use the technique to obfuscate malicious servers, as well as to establish resilient C2 infrastructure that can withstand takedown efforts.
That's not all. Fast flux also plays a vital role beyond C2 communications, helping adversaries carry out phishing as well as stage and distribute malware.
To defend against fast flux, organizations are advised to block IP addresses, sinkhole malicious domains, filter traffic to and from domains and IP addresses with poor reputations, implement enhanced monitoring, and provide phishing awareness and training.
"Fast flux is a persistent threat to network security, using rapidly changing infrastructure to obfuscate malicious activity," the agencies said. "By implementing robust detection and mitigation strategies, organizations can significantly reduce their risk of compromise by fast flux-enabled threats."
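As an added illustration of the monitoring recommendation (not code from the advisory or the agencies), the sketch below sorts domains in DNS resolution logs into the single flux and double flux patterns described above. The function name, the thresholds, the window length and the sample records are all assumptions made for this example.

```python
from collections import defaultdict

# Constructed sample data: (epoch_seconds, domain, record_type, value).
# Names use .example and addresses use documentation ranges; none are real indicators.
OBSERVATIONS = (
    # Single flux: the A record rotates every 5 minutes, the name server is fixed.
    [(t * 300, "single.example", "A", f"198.51.100.{t + 1}") for t in range(8)]
    + [(0, "single.example", "NS", "ns1.host.example")]
    # Double flux: both the A records and the authoritative name servers rotate.
    + [(t * 300, "double.example", "A", f"203.0.113.{t + 1}") for t in range(8)]
    + [(t * 300, "double.example", "NS", f"ns{t}.flux.example") for t in range(6)]
    # Ordinary site: one address, one name server.
    + [(t * 300, "stable.example", "A", "192.0.2.10") for t in range(8)]
    + [(0, "stable.example", "NS", "ns1.host.example")]
)

def classify_flux(observations, window=3600, min_ips=5, min_ns=3):
    """Label each domain by how many distinct IPs and name servers it showed
    during the last `window` seconds of the log (thresholds are assumptions)."""
    latest = max((ts for ts, *_ in observations), default=0)
    ips, servers = defaultdict(set), defaultdict(set)
    for ts, domain, rtype, value in observations:
        if ts < latest - window:
            continue  # too old to count towards the current window
        domain = domain.lower().rstrip(".")
        if rtype in ("A", "AAAA"):
            ips[domain].add(value)
        elif rtype == "NS":
            servers[domain].add(value.lower().rstrip("."))
    verdicts = {}
    for domain in set(ips) | set(servers):
        many_ips = len(ips[domain]) >= min_ips
        many_ns = len(servers[domain]) >= min_ns
        if many_ips and many_ns:
            verdicts[domain] = "double-flux"
        elif many_ips:
            verdicts[domain] = "single-flux"
        else:
            verdicts[domain] = "stable"
    return verdicts

if __name__ == "__main__":
    # CDNs and load balancers also return many addresses for one name, so a
    # hit here is a lead for reputation checks and review, not a verdict.
    for name, verdict in sorted(classify_flux(OBSERVATIONS).items()):
        print(f"{name:16} {verdict}")
```

Narrowing the window lowers the distinct-address count for a given rotation rate, so the thresholds have to be tuned together with the window length.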