Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror

Slashdot videos: Now with more Slashdot!

  • View

  • Discuss

  • Share

We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).

×
Botnet

+ - Attackers Setup Botnet C&C Servers in Enterprise Walls->

Submitted by wiredmikey
wiredmikey (1824622) writes "Skilled attackers are burrowing their command and control (C&C) servers inside the networks of compromised businesses in order to circumvent security measures, according to a security expert familiar with the innovative new attack method.The advantage is that none of that C&C traffic is passing through perimeter firewalls or intrusion detection systems — so it is very unlikely to be detected. While the attacker still needs to send that single communication per day with any stolen data / issuing new commands, this is trickier to detect.

In many cases, the compromised servers being used for C&C were compromised in previous attacks and hackers were able to maintain access.

Also interesting, is that attackers conducting these types of attacks have been seen applying software patches to the compromised systems in an effort to ensure other attackers are kept out.

The new attack tactic adds two more steps to forensic investigation, as now investigators must conduct a penetration test from inside out in order and identify the service wherein a syscall proxy has been embedded in the memory space."

Link to Original Source
This discussion was created for logged-in users only, but now has been archived. No new comments can be posted.

Attackers Setup Botnet C&C Servers in Enterprise Walls

Comments Filter:

Real Users find the one combination of bizarre input values that shuts down the system for days.

Working...