On April 3, 2025, the Cybersecurity and Infrastructure Security Agency released a joint cybersecurity advisory alongside the National Security Agency, Federal Bureau of Investigation, Australian Signals Directorate’s Australian Cyber Security Centre, Canadian Centre for Cyber Security and New Zealand National Cyber Security Centre on a cyberattack technique known as “fast flux.” In a cyberattack using fast flux, attackers rapidly change Domain Name System (DNS) records to obscure the locations of malicious servers and create resilient command and control (C2) infrastructure. This renders IP blocking ineffective, hinders attempts to disrupt the malicious activity or discern the attackers' identities, and decreases the risk of detection. Cyber criminals also use fast flux to prevent takedowns of malicious websites, protect botnet managers, hinder the identification and blocking of viruses and more. Numerous significant malicious cyber actors, such as Hive and Gamaredon, have already been found to implement the technique.

The cybersecurity advisory calls on both government and protective DNS providers to collaborate in closing the gap in network defenses to fast flux attacks. Vendors and partners that provide protective DNS services will want to take heed of this advisory. Savvy cybersecurity companies, big data companies and internet service providers may also find opportunity to market their solutions as helpful tools in combatting fast flux-supported cyberattacks.

Examples of tools useful in fast flux detection specifically listed in the joint advisory include but are not limited to: anomaly detection systems for DNS query logs, time-to-live value analysis in DNS records and flow data analysis. The advisory also lists, as a tool for identifying the use of fast flux, the development of specific algorithms to “identify anomalous traffic patterns that deviate from usual network DNS behavior,” an example that may provide specific opportunities for companies selling big data solutions.
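The sketch below shows what time-to-live analysis over DNS logs can look like in practice. It is an added example, not code from the advisory or from this article; the log tuple layout, the thresholds and the function name `score_domains` are assumptions chosen for illustration, and the sample records are constructed.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network
from statistics import median

# Constructed sample DNS answer log: (epoch_seconds, qname, answer_ip, ttl).
# Addresses come from the RFC 5737 documentation ranges.
FLUX_IPS = ["192.0.2.10", "198.51.100.20", "203.0.113.30",
            "192.0.2.44", "198.51.100.77", "203.0.113.91"]
SAMPLE_LOG = (
    [(i * 120, "flux.example", ip, 60) for i, ip in enumerate(FLUX_IPS)]
    + [(i * 600, "www.example.org", "192.0.2.80", 3600) for i in range(6)]
    + [(i * 300, "cdn.example.net", ip, 30)
       for i, ip in enumerate(["198.51.100.5", "198.51.100.6"] * 3)]
)

def score_domains(records, window=3600, max_ttl=300, min_ips=5,
                  min_nets=3, allowlist=()):
    """Flag domains whose recent answers combine a short TTL with many
    distinct IPs spread over several networks (thresholds are assumptions)."""
    per_domain = defaultdict(list)
    for ts, qname, ip, ttl in records:
        per_domain[qname.lower().rstrip(".")].append((ts, ip_address(ip), ttl))

    flagged = {}
    for qname, rows in per_domain.items():
        if qname in allowlist:  # known CDNs / load balancers reviewed by hand
            continue
        latest = max(ts for ts, _, _ in rows)
        recent = [r for r in rows if latest - r[0] <= window]
        ips = {ip for _, ip, _ in recent}
        # /16 is a rough stand-in for "different network"; IPv4 is assumed.
        nets = {ip_network(f"{ip}/16", strict=False) for ip in ips}
        med_ttl = median(ttl for _, _, ttl in recent)
        if med_ttl <= max_ttl and len(ips) >= min_ips and len(nets) >= min_nets:
            flagged[qname] = {"distinct_ips": len(ips),
                              "distinct_nets": len(nets),
                              "median_ttl": med_ttl}
    return flagged

if __name__ == "__main__":
    for name, stats in score_domains(SAMPLE_LOG).items():
        print(name, stats)
```

Short TTLs alone also describe content delivery networks and load balancers, which is why the check requires address and network diversity as well and accepts an allowlist; loosening the thresholds flags the constructed CDN-like domain too.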

Of particular interest to providers of protective DNS, internet, or cybersecurity services are the various mitigation strategies listed in the cybersecurity advisory. Providers of any of these three services should emphasize to their government customers how easily these mitigation strategies can be implemented through their services. Highlight if your IT company can enable easy or automatic sinkholing or blocking of malicious domains and IP addresses; maintains a list of automatically blocked domains and IP addresses based on reputation; provides significant DNS traffic and network communications logging and monitoring, especially if that monitoring has a specific eye on identifying fast flux activities; offers automated alerting for fast flux pattern detection; shares detected fast flux indicators with other organizations; or offers information sharing solutions to facilitate the sharing of fast flux indicators between customers or networks. Note as well to your government customer if you regularly ensure employees are prepared to handle phishing attempts.

Fortunately, many of the methods to mitigate fast flux techniques are also useful in protecting against other forms of cyberattacks, making them powerful tools to market to government agencies. The recent advisory's specific focus on fast flux techniques gives these tools added importance, and IT companies would do well to mention these tools’ general cybersecurity benefits, in addition to specifically calling out their helpfulness against fast flux. The cybersecurity advisory ends with a strong recommendation from the authoring agencies for organizations to “engage their cybersecurity providers on developing a multi-layered approach to detect and mitigate malicious fast flux operations,” a recommendation which leaves no doubt as to the benefit of emphasizing defenses against fast flux techniques in marketing campaigns.


About the Author:
Gabriel is a Sr Market Insights Data Analyst at TD SYNNEX Public Sector whose work focuses on using quantitative and qualitative analysis to provide actionable insights to TD SYNNEX’s vendors and resellers in the public sector.