See how zveloCTI aligns with the Pyramid of Pain IOCs to help assess the level of difficulty for tracking down an MCA within your environment.
Domain Generation Algorithms (DGA)
Domain Generation Algorithms (DGAs) are used by a variety of malware families to create a large number of domain names for communicating with command and control (C&C or C2) servers. To update itself autonomously, malware has to know where its C&C servers are, and the simplest approach is to hard-code those destinations into the malware itself; that, however, makes them easier for law enforcement and defenders to find and shut down. A DGA instead produces a large pool of potential communication points, and the malware can reach out to any of them, chosen at random, to request updates.
Over the last decade, DGAs have become a popular part of the Tactics, Techniques and Procedures (TTPs) threat actors use to deliver malware, because they can make it difficult for defenders to counter an attack.
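The following Python snippet is an added illustration and is not zvelo's code. It shows both sides of the behaviour described above: a toy, date-seeded generator (a constructed example using SHA-256 with a made-up seed string, not any real malware family's algorithm) that yields the same candidate list for anyone who knows the algorithm and the day, which is exactly why defenders who recover a DGA can pre-compute and sinkhole its domains, and a simple lexical heuristic (label length, Shannon entropy and vowel ratio, with thresholds chosen for this example only) of the kind used as a first-pass filter on DNS logs.

```python
import hashlib
import math
from collections import Counter
from datetime import date

# Toy DGA (constructed for this example): derive `count` candidate domains
# from a date. Every copy of a sample and every analyst who knows the
# algorithm and seed computes the same list for a given day.
TLDS = (".com", ".net", ".info")

def toy_dga(day: date, count: int = 10, seed: str = "example-seed") -> list[str]:
    domains = []
    for i in range(count):
        material = f"{seed}:{day.isoformat()}:{i}".encode()
        digest = hashlib.sha256(material).digest()
        # Map the first 12 digest bytes onto letters a-z to form the label.
        label = "".join(chr(ord("a") + b % 26) for b in digest[:12])
        domains.append(label + TLDS[i % len(TLDS)])
    return domains

def shannon_entropy(s: str) -> float:
    """Bits of entropy per character of the string (0.0 for an empty or uniform string)."""
    if not s:
        return 0.0
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())

def second_level_label(domain: str) -> str:
    # Assumption for this example: a single-label TLD, so the second-to-last
    # label is the registrable name (real code should use the public suffix list).
    return domain.lower().rstrip(".").split(".")[-2]

def looks_like_dga(domain: str, min_len: int = 8, min_entropy: float = 3.0,
                   max_vowel_ratio: float = 0.3) -> bool:
    """Cheap lexical heuristic: long, high-entropy, vowel-poor labels are suspicious."""
    label = second_level_label(domain)
    if len(label) < min_len:
        return False
    vowel_ratio = sum(ch in "aeiou" for ch in label) / len(label)
    return shannon_entropy(label) >= min_entropy and vowel_ratio < max_vowel_ratio

def triage(domains: list[str]) -> dict[str, bool]:
    """Run the heuristic over a batch of observed domains (e.g. from DNS logs)."""
    return {d: looks_like_dga(d) for d in domains}

if __name__ == "__main__":
    # Constructed sample of "observed" names: two ordinary ones plus today's toy candidates.
    observed = ["microsoft.com", "wikipedia.org"] + toy_dga(date.today(), count=5)
    for dom, flagged in triage(observed).items():
        print(f"{'SUSPECT' if flagged else 'ok     '} {dom}")
```

Note that lexical heuristics alone produce false positives on legitimate CDN and tracking hostnames and false negatives on dictionary-word DGAs; in practice they are combined with NXDOMAIN volume, domain age and registration data, which is where the new-registration signal mentioned below fits in.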
Beyond the malicious and phishing activity of the ActiveWeb lurks suspicious activity among new domain registrations in the ProActiveWeb.
Domain Generation Algorithms (DGAs) are a key tool for threat actors. As DGAs become more sophisticated and increasingly difficult to detect, zvelo's Cybersecurity Team recommends heightened awareness and shares what you need to know.