- CISA, the FBI and partner agencies warn against “fast flux” attacks
- With this technique, attackers rapidly change the IP addresses of their malicious domains
- To combat the threat, organizations should adopt a multilayer approach
The US Cybersecurity and Infrastructure Security Agency (CISA) has warned government agencies, Internet service providers (ISPs) and other organizations about so-called “fast flux” attacks which, it says, are becoming a growing problem in cyberspace.
Fast flux is a technique in which attackers rapidly change the IP addresses associated with a malicious domain using a botnet, which makes tracking and takedown difficult.
This method helps hide phishing sites, malware distribution networks and command-and-control servers by taking advantage of a constantly changing pool of compromised hosts.
Mitigate the threat
CISA published the new security advisory warning of the threat together with the FBI, the NSA, the Australian Signals Directorate's Australian Cyber Security Centre (ACSC), the Canadian Centre for Cyber Security (CCCS) and New Zealand's National Cyber Security Centre (NCSC-NZ).
“Many networks have a gap in their defenses to detect and block a malicious technique known as ‘fast flux’,” says the advisory.
“This advisory aims to encourage service providers, in particular Protective DNS (PDNS) providers, to mitigate this threat by taking proactive measures to develop reliable and timely fast flux detection analytics and blocking capabilities for their customers.”
CISA has also provided guidance on how to detect and mitigate fast flux attacks, which includes adopting a multilayer approach that combines DNS analysis, network monitoring and threat intelligence.
It also said that agencies should work together on building and deploying scalable solutions that “will fill the current gap” in network defenses.
Finally, the agencies stressed that certain legitimate activity, such as content delivery network (CDN) behavior, “may resemble” malicious fast flux activity.
“Protective DNS services, service providers and network defenders should make reasonable efforts, such as allowlisting expected CDN services, to avoid blocking or hindering legitimate content,” concludes the advisory.
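The DNS-analysis layer and the CDN allowlisting caveat described above can be combined in one check. The following is an added example, not code from the advisory or the original article: it flags domains whose DNS answers show many distinct IPs spread across several networks with short TTLs, and skips allowlisted CDN names. The log tuple format, the thresholds, the domain names and the allowlist entry are all assumptions made for illustration.

```python
from collections import defaultdict
from statistics import median

# Constructed sample: (domain, answer IP, origin ASN, TTL in seconds) from DNS response logs.
# IPs come from documentation ranges and ASNs from the private-use range.
OBSERVATIONS = [
    ("login-update.example", "192.0.2.10", 64501, 120),
    ("login-update.example", "198.51.100.7", 64502, 60),
    ("login-update.example", "203.0.113.44", 64503, 180),
    ("login-update.example", "192.0.2.91", 64501, 60),
    ("login-update.example", "198.51.100.200", 64504, 120),
    ("login-update.example", "203.0.113.5", 64503, 60),
    ("assets.cdn-provider.example", "192.0.2.1", 64510, 30),
    ("assets.cdn-provider.example", "192.0.2.2", 64510, 30),
    ("assets.cdn-provider.example", "198.51.100.1", 64511, 30),
    ("assets.cdn-provider.example", "198.51.100.2", 64511, 30),
    ("assets.cdn-provider.example", "203.0.113.1", 64512, 30),
    ("www.shop.example", "203.0.113.80", 64520, 3600),
    ("www.shop.example", "203.0.113.81", 64520, 3600),
]

# Expected CDN services to exclude (hypothetical entry; maintain per environment).
CDN_ALLOWLIST = ("cdn-provider.example",)

def is_allowlisted(domain, allowlist):
    """True if the domain equals an allowlisted name or is a subdomain of one."""
    return any(domain == s or domain.endswith("." + s) for s in allowlist)

def find_fast_flux_candidates(observations, allowlist=CDN_ALLOWLIST,
                              min_ips=5, min_asns=3, max_median_ttl=300):
    """Return domains with high IP/ASN diversity and short TTLs (illustrative thresholds)."""
    ips, asns, ttls = defaultdict(set), defaultdict(set), defaultdict(list)
    for domain, ip, asn, ttl in observations:
        domain = domain.lower().rstrip(".")
        ips[domain].add(ip)
        asns[domain].add(asn)
        ttls[domain].append(ttl)
    candidates = {}
    for domain in ips:
        if is_allowlisted(domain, allowlist):
            continue  # CDN behavior can resemble fast flux; do not flag expected services
        med = median(ttls[domain])
        if len(ips[domain]) >= min_ips and len(asns[domain]) >= min_asns and med <= max_median_ttl:
            candidates[domain] = {"ips": len(ips[domain]), "asns": len(asns[domain]), "median_ttl": med}
    return candidates

if __name__ == "__main__":
    for name, stats in find_fast_flux_candidates(OBSERVATIONS).items():
        print(name, stats)
```

Candidates from a heuristic like this are leads for review against threat intelligence and network monitoring, not a verdict on their own.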
Via The Register