Botnet

Attackers Setup Botnet C&C Servers in Enterprise Walls

Submitted by wiredmikey
wiredmikey (1824622) writes "Skilled attackers are burrowing their command and control (C&C) servers inside the networks of compromised businesses in order to circumvent security measures, according to a security expert familiar with the innovative new attack method. The advantage is that none of that C&C traffic is passing through perimeter firewalls or intrusion detection systems — so it is very unlikely to be detected. While the attacker still needs to send that single communication per day with any stolen data / issuing new commands, this is trickier to detect.

In many cases, the compromised servers being used for C&C were compromised in previous attacks and hackers were able to maintain access.

Also interesting is that attackers conducting these types of attacks have been seen applying software patches to the compromised systems in an effort to ensure other attackers are kept out.

The new attack tactic adds two more steps to forensic investigation, as now investigators must conduct a penetration test from inside out in order to identify the service wherein a syscall proxy has been embedded in the memory space."
