Botnet

Submission: Attackers Setup Botnet C&C Servers in Enterprise Walls (securityweek.com)

wiredmikey writes: Skilled attackers are burrowing their command and control (C&C) servers inside the networks of compromised businesses in order to circumvent security measures, according to a security expert familiar with the innovative new attack method. The advantage is that none of that C&C traffic is passing through perimeter firewalls or intrusion detection systems — so it is very unlikely to be detected. While the attacker still needs to send that single communication per day with any stolen data / issuing new commands, this is trickier to detect.

In many cases, the compromised servers being used for C&C were compromised in previous attacks and hackers were able to maintain access.

Also interesting is that attackers conducting these types of attacks have been seen applying software patches to the compromised systems in an effort to ensure other attackers are kept out.

The new attack tactic adds two more steps to forensic investigation, as now investigators must conduct a penetration test from inside out and identify the service wherein a syscall proxy has been embedded in the memory space.
