D2 · Threats

What is dynamic DNS (DDNS) in security?

Dynamic DNS (DDNS) is abused by malware for command and control (C2): attackers use free DDNS services to host C2 infrastructure whose IP addresses change frequently, evading IP-based blocking.
Block known DDNS providers (no-ip.com, dyndns.org) at the firewall if they are not needed for business. Fast-flux DNS rapidly changes IPs to make takedowns hard. DGAs (Domain Generation Algorithms) generate random C2 domains algorithmically.