What is a Command-and-Control Server (C&C Server) – TechTarget


A command-and-control server (C&C server) is a computer that issues directives to digital devices that have been infected with rootkits or other types of malware, such as ransomware. C&C servers can be used to create powerful networks of infected devices capable of carrying out distributed denial-of-service (DDoS) attacks, stealing data, deleting data or encrypting data in order to carry out an extortion scheme.
In the past, a C&C server was often under an attacker’s physical control and could remain active for several years. Today, C&C servers generally have a short shelf life; they often reside in legitimate cloud services and use automated domain generation algorithms to make it more difficult for law enforcement and ethical malware hunters to locate them.
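The domain generation algorithm mentioned above is easier to reason about with both sides of it in view. The following is an added example, not code from the TechTarget article or from any real malware family: a toy date-seeded DGA of the kind a bot and its operator both run, followed by what a defender does once the algorithm has been recovered by reversing a sample, namely precomputing the day's candidate domains and matching them against DNS logs so the names can be sinkholed or blocked before the bots call home. The seed, TLD pool, label lengths and the log format are assumptions, and the log lines are constructed.

```python
"""Added example (not from the TechTarget article or any real malware family):
a toy date-seeded domain generation algorithm and the defender's use of it.
Seed, TLD pool, label lengths and log format are assumptions."""
import hashlib
from datetime import date, timedelta

TLDS = ("com", "net", "org")        # assumed TLD pool
SEED = b"example-seed"             # assumed per-family constant a reverser would recover
SAMPLE_DAY = date(2023, 1, 1)      # constructed


def dga_domains(day: date, count: int = 5, seed: bytes = SEED) -> list[str]:
    """Return `count` rendezvous domains for `day`. Bot and operator both run
    this, so the operator registers one of them shortly before it is needed;
    a defender who recovers the algorithm can precompute the same list and
    sinkhole or block it before the bots look it up."""
    domains = []
    for i in range(count):
        digest = hashlib.sha256(seed + day.isoformat().encode() + bytes([i])).digest()
        length = 12 + digest[0] % 8                      # 12..19 letters
        label = "".join(chr(ord("a") + b % 26) for b in digest[1:1 + length])
        domains.append(f"{label}.{TLDS[digest[-1] % len(TLDS)]}")
    return domains


def flag_dga_queries(dns_log: list[str], day: date, lookback_days: int = 1) -> list[str]:
    """Return log lines whose queried name is one of the precomputed domains
    for `day` or the previous `lookback_days` days (a bot with a skewed clock
    may still try yesterday's names). Log format (constructed):
    '<timestamp> <client> <qname>'."""
    watch = set()
    for back in range(lookback_days + 1):
        watch.update(dga_domains(day - timedelta(days=back)))
    return [line for line in dns_log
            if len(line.split()) == 3 and line.split()[2].lower().rstrip(".") in watch]


def build_sample_log() -> list[str]:
    """Constructed DNS log: two DGA lookups buried among benign queries."""
    today = dga_domains(SAMPLE_DAY)[2]
    yesterday = dga_domains(SAMPLE_DAY - timedelta(days=1))[0]
    return [
        "2023-01-01T08:00:01 10.0.0.5 www.techtarget.com",
        f"2023-01-01T08:00:02 10.0.0.7 {today}.",
        "2023-01-01T08:00:03 10.0.0.5 mail.example.org",
        f"2023-01-01T08:00:04 10.0.0.7 {yesterday}",
        "2023-01-01T08:00:05 10.0.0.9 cdn.example.net",
    ]


def demo() -> list[str]:
    """Run the precomputed watchlist over the constructed log."""
    return flag_dga_queries(build_sample_log(), SAMPLE_DAY)


if __name__ == "__main__":
    print("today's candidates:", dga_domains(SAMPLE_DAY))
    for hit in demo():
        print("DGA lookup:", hit)
```

The precomputation only works when the algorithm and its seed are known; when they are not, defenders fall back on statistical signals such as hosts resolving many never-before-seen names that return NXDOMAIN, which is what the bots produce while they walk through the unregistered candidates.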
For a C&C attack to materialize, malware already running on a compromised machine must reach out to a remote server under the attacker's control, the C&C server. The server does not break in by itself; it waits for the implant's first connection. Almost any networked device, including laptops, desktops, tablets, smartphones and IoT devices, can be enrolled in this way.
Command-and-control server attacks are typically carried out through the following channels:
Once a device has been compromised, the implant on it opens a channel to the C&C server, through which the threat actor sends instructions to the infected host and enrolls it in a larger malicious network. A network of hosts under a C&C server's control is called a botnet, and its nodes are sometimes referred to as zombies. Many implants beacon, that is, they check in with the server at a fixed interval to ask for new instructions or additional payloads, because inbound connections to the victim are usually blocked while outbound ones are not.
Once the infected host starts executing the commands sent by the C&C server, further malware is installed, which gives the threat actor full control over the compromised machine. To avoid detection by firewalls and proxies, threat actors often blend C&C traffic into protocols that are legitimately allowed outbound, such as HTTP, HTTPS or the domain name system (DNS).
Even with cybersecurity and threat intelligence mechanisms in place, organizations do not always monitor outbound communications as closely as inbound ones. That gap lets an implant delivered through a phishing email or an infected website keep talking to its C&C server unnoticed, and lets the attacker use that channel to move laterally and inflict damage inside the network.
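The beaconing and outbound-monitoring points above are where detection usually starts: a timer-driven check-in leaves a near-constant interval between connections from one host to one destination, which normal browsing does not. The following is an added example, not code from the TechTarget article, of that periodicity check run over outbound proxy or firewall log lines; the log format, the jitter tolerance and the minimum hit count are assumptions, and the log lines are constructed so that one host checks in roughly every 60 seconds while another browses irregularly.

```python
"""Added example (not from the TechTarget article): beacon detection over
outbound connection logs. Log format and thresholds are assumptions."""
from collections import defaultdict
from datetime import datetime, timedelta
from statistics import median


def build_sample_log() -> list[str]:
    """Constructed log lines: '<ISO timestamp> <src_ip> <dst_host> <bytes_out>'."""
    start = datetime(2023, 3, 1, 9, 0, 0)
    lines = []
    # infected host: check-in every 60 s with a little jitter and a fixed-size request
    jitter = [0, 1, -1, 2, 0, -2, 1, 0, -1, 1]
    for i, j in enumerate(jitter):
        ts = start + timedelta(seconds=60 * i + j)
        lines.append(f"{ts.isoformat()} 10.0.0.7 cdn-updates.example.net 312")
    # benign host: irregular gaps and varied request sizes
    gaps = [0, 7, 95, 11, 240, 3, 600, 31, 44, 12]
    sizes = [1200, 540, 8800, 230, 4100, 760, 9900, 350, 2200, 670]
    t = start
    for g, s in zip(gaps, sizes):
        t += timedelta(seconds=g)
        lines.append(f"{t.isoformat()} 10.0.0.9 www.example.com {s}")
    return sorted(lines)


def parse(line: str):
    ts, src, dst, nbytes = line.split()
    return datetime.fromisoformat(ts), src, dst, int(nbytes)


def find_beacons(log: list[str], min_hits: int = 8, max_jitter: float = 0.1) -> list[dict]:
    """Flag (src, dst) pairs whose inter-connection intervals are almost all
    within `max_jitter` (fractional) of their median interval. A near-constant
    period is the signature of a timer-driven check-in; the number of distinct
    request sizes is reported because beacons with nothing to do tend to send
    the same small request every time."""
    by_pair = defaultdict(list)
    for line in log:
        ts, src, dst, nbytes = parse(line)
        by_pair[(src, dst)].append((ts, nbytes))
    beacons = []
    for (src, dst), events in by_pair.items():
        if len(events) < min_hits:
            continue
        events.sort()
        gaps = [(b[0] - a[0]).total_seconds() for a, b in zip(events, events[1:])]
        period = median(gaps)
        if period <= 0:
            continue
        regular = sum(abs(g - period) / period <= max_jitter for g in gaps) / len(gaps)
        if regular >= 0.9:
            beacons.append({
                "src": src, "dst": dst, "period_s": period,
                "hits": len(events), "distinct_sizes": len({n for _, n in events}),
            })
    return beacons


if __name__ == "__main__":
    for b in find_beacons(build_sample_log()):
        print(f"beacon: {b['src']} -> {b['dst']} every ~{b['period_s']:.0f}s "
              f"({b['hits']} hits, {b['distinct_sizes']} request size(s))")
```

Real implants add random sleep jitter precisely to defeat this check, so in practice the jitter tolerance is widened and the result is combined with other signals (destination reputation, newly seen domains, long-lived sessions) rather than used alone; a legitimate software updater will also look periodic, which is why the destination still has to be triaged.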
C&C servers act as the headquarters to which all activities related to the targeted attack report back. Besides installing malware, a threat actor may use a C&C server to carry out the following malicious activities:
A botnet is a group of malware-infected, internet-connected bots controlled by a threat actor. Most botnets use a centralized command-and-control architecture, although peer-to-peer (P2P) botnets are on the rise: with no single C&C server to seize, they are harder for defenders and law enforcement to take down.
Popular botnet topologies include the following:
In a traditional botnet, the bots are infected with a Trojan horse and use Internet Relay Chat (IRC) to communicate with a central C&C server. These botnets are often used to distribute spam or malware and to gather misappropriated information, such as credit card numbers. Because IRC is a well-known botnet command channel, it is often blocked or monitored at the network edge. This has motivated cybercriminals to find more covert ways for C&C servers to issue commands. Alternative channels used for botnet commands include JPEG images, Microsoft Word files and posts from LinkedIn or Twitter dummy accounts.
Botnets can also fuel DDoS attacks by taking advantage of IoT vulnerabilities to recruit large numbers of poorly secured devices.
All Rights Reserved, Copyright 1999 – 2023, TechTarget