Detecting Command & Control Communications—Context Is Key

iStock-506503488_Command-Control Center_resized.pngBy now, the concept of the cyber attack chain—or kill chain—is widely accepted as a way to understand and deal with threats.

The first thing that malware does once it’s established on the network is call home—reach out to a Command and Control (C&C) server. C&Cs are famous for controlling botnets, but they are essential for any multi-stage attack. For example, ransomware calls a control server to obtain a unique encryption key.

As we discussed in a previous blog, to detect complex attacks, you need to monitor and analyze information across attack vectors (such as web, email and files), the attack chain, and the IT infrastructure. We’ll talk more about this later but for now, let’s focus on how to effectively detect C&C communications.

Read more.

 

Subscribe to Email Updates

Posts by Topic