The Angler Exploit Kit has begun using domain shadowing as a technique to avoid detection and blocking, researchers at Cisco Talos said. The attackers are using stolen domain registrant credentials to create massive lists of subdomains that are used in rapid-fire attacks. Cisco has found hundreds of compromised accounts, most of them GoDaddy accounts, and control up to 10,000 unique domains. Domain shadowing may soon supercede fast flux, a technique that allows hackers to stay one step ahead of detection.
Source: https://threatpost.com/domain-shadowing-latest-angler-exploit-kit-evasion-technique/111396/