Domain Generation Algorithms (DGAs)

These algorithms are used in a variety of malware types to create a large number of domain names for use in communication with command and control (C&C or C2) servers. In order to achieve autonomous update capabilities, C&C server destinations are often hard-coded into the malware itself, which makes them easier for law enforcement and cybersecurity forces to find and shut down. DGAs create a large number of potential communication points and allow malware to reach out to any number of those points, at random, to request updates.

Over the last decade, Domain Generation Algorithms (DGAs) have become a popular tool for threat actors to deliver malware, because the technique is difficult for defenders to counter.
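
The behaviour described above, one host reaching out to many random-looking domains, is what defenders look for in DNS logs. The following is an added example, not part of the original page: it flags clients that query several distinct high-entropy names. The sample log, the thresholds, and the naive "second-to-last label" rule (no public suffix list) are assumptions made for illustration.

```python
import math
from collections import Counter, defaultdict

# Constructed sample DNS query log: (client_ip, queried_name). Not real data.
SAMPLE_QUERIES = [
    ("10.0.0.5", "www.example.com"),
    ("10.0.0.5", "mail.example.com"),
    ("10.0.0.5", "docs.example.org"),
    ("10.0.0.9", "xkqjzvprwmhd.example"),
    ("10.0.0.9", "qpwvzmxkrjtl.example"),
    ("10.0.0.9", "zlkxmvqwprjh.example"),
    ("10.0.0.9", "hjrkwqzxvmpl.example"),
    ("10.0.0.9", "www.example.com"),
]

def shannon_entropy(label):
    """Bits per character of the label's character distribution."""
    counts = Counter(label)
    return -sum(c / len(label) * math.log2(c / len(label)) for c in counts.values())

def registered_label(name):
    # Assumption: the label left of the last dot is the registered name.
    parts = name.lower().rstrip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]

def looks_generated(name, min_len=10, min_entropy=3.2):
    # Assumed thresholds: long labels with near-uniform characters.
    label = registered_label(name)
    return len(label) >= min_len and shannon_entropy(label) >= min_entropy

def flag_clients(queries, min_distinct=3):
    """Return {client: sorted suspicious names} for clients over the threshold."""
    suspicious = defaultdict(set)
    for client, name in queries:
        if looks_generated(name):
            suspicious[client].add(name.lower().rstrip("."))
    return {c: sorted(d) for c, d in suspicious.items() if len(d) >= min_distinct}

if __name__ == "__main__":
    for client, names in flag_clients(SAMPLE_QUERIES).items():
        print(client, len(names), "random-looking domains:", names)
```

Entropy alone misses generators that build names from word lists and can flag some legitimate machine-generated hostnames, so the output is a lead for triage, not a verdict.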