Detecting Command & Control Communications—Context Is Key
By Israel Aloni
Posted in Cyber Intelligence
By now, the concept of the cyber attack chain—or kill chain—is widely accepted as a way to understand and deal with threats.
Once malware has a foothold on a host, one of its first actions is usually to call home: reach out to a Command and Control (C&C) server for instructions. C&C servers are best known for running botnets, but almost any multi-stage attack depends on one. Many ransomware families, for example, contact a control server to obtain a unique per-victim encryption key before they start encrypting files.
As we discussed in a previous blog, detecting complex attacks requires monitoring and analyzing information across attack vectors (such as web, email and files), across the stages of the attack chain, and across the IT infrastructure. We will return to that later; for now, let's focus on how to detect C&C communications effectively.
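As an added illustration of why context matters (example code written for this page, not code from the original post or from Verint), the script below looks for the most common C&C symptom, beaconing, and then weights each hit with context before it is worth an analyst's time. It assumes a simplified proxy log format (`timestamp client destination bytes_out`), hypothetical host names, and thresholds chosen for the constructed sample rather than tuned on real traffic.

```python
"""Beacon detection with context scoring over constructed proxy log lines.

Step 1 flags (client, destination) pairs whose requests arrive on a
near-fixed interval (periodicity, tolerant of jitter).  Step 2 adds
context: is the destination rare on the network, and are the payload
sizes suspiciously uniform?  A periodic telemetry or update check that
every host performs scores low; a lone host talking to a host nobody
else contacts, with identical-sized requests, scores high.
Log lines, host names and thresholds are constructed for this example.
"""
from collections import defaultdict
from datetime import datetime
import statistics

MIN_EVENTS = 5          # fewer requests than this: too little data to judge periodicity
MAX_INTERVAL_CV = 0.2   # coefficient of variation of request gaps; allows some jitter
MAX_SIZE_CV = 0.1       # payload sizes this uniform look like heartbeats, not user traffic
RARE_CLIENT_COUNT = 2   # destination contacted by this many hosts or fewer is "rare"

# Constructed sample: host 10.0.0.5 beacons to a1b2c3.example.net every ~60 s
# with identical sizes, and also runs a periodic telemetry check that three
# other hosts perform as well, with varying payload sizes.
SAMPLE_LOG = """\
2024-03-01T09:00:00 10.0.0.5 a1b2c3.example.net 1500
2024-03-01T09:00:30 10.0.0.5 telemetry.example.org 800
2024-03-01T09:01:00 10.0.0.5 a1b2c3.example.net 1500
2024-03-01T09:01:12 10.0.0.7 telemetry.example.org 950
2024-03-01T09:02:01 10.0.0.5 a1b2c3.example.net 1500
2024-03-01T09:02:30 10.0.0.5 telemetry.example.org 2300
2024-03-01T09:03:00 10.0.0.5 a1b2c3.example.net 1500
2024-03-01T09:03:41 10.0.0.9 telemetry.example.org 1100
2024-03-01T09:04:01 10.0.0.5 a1b2c3.example.net 1500
2024-03-01T09:04:30 10.0.0.5 telemetry.example.org 1200
2024-03-01T09:05:00 10.0.0.5 a1b2c3.example.net 1500
2024-03-01T09:05:55 10.0.0.11 telemetry.example.org 600
2024-03-01T09:06:00 10.0.0.5 a1b2c3.example.net 1500
2024-03-01T09:06:30 10.0.0.5 telemetry.example.org 4000
2024-03-01T09:08:30 10.0.0.5 telemetry.example.org 900
"""


def parse_log(text):
    """Parse 'ISO-timestamp client destination bytes_out' lines into tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, client, dest, size = line.split()
        events.append((datetime.fromisoformat(ts), client, dest, int(size)))
    return events


def coefficient_of_variation(values):
    """Population std-dev divided by mean; 0.0 means perfectly regular."""
    mean = statistics.mean(values)
    return 0.0 if mean == 0 else statistics.pstdev(values) / mean


def find_beacons(events):
    """Return periodic (client, destination) pairs, highest context score first."""
    by_pair = defaultdict(list)
    clients_per_dest = defaultdict(set)
    for ts, client, dest, size in events:
        by_pair[(client, dest)].append((ts, size))
        clients_per_dest[dest].add(client)

    findings = []
    for (client, dest), rows in by_pair.items():
        if len(rows) < MIN_EVENTS:
            continue
        rows.sort()
        gaps = [(b[0] - a[0]).total_seconds() for a, b in zip(rows, rows[1:])]
        interval_cv = coefficient_of_variation(gaps)
        if interval_cv > MAX_INTERVAL_CV:
            continue  # irregular timing: ordinary user traffic
        sizes = [size for _, size in rows]
        context = {
            "rare_destination": len(clients_per_dest[dest]) <= RARE_CLIENT_COUNT,
            "uniform_payload": coefficient_of_variation(sizes) < MAX_SIZE_CV,
        }
        findings.append({
            "client": client,
            "destination": dest,
            "mean_interval_s": round(statistics.mean(gaps), 1),
            "interval_cv": round(interval_cv, 3),
            "context_score": sum(context.values()),
            **context,
        })
    return sorted(findings, key=lambda f: f["context_score"], reverse=True)


def triage(events, min_context_score=1):
    """Keep only periodic pairs with enough supporting context to alert on."""
    return [f for f in find_beacons(events) if f["context_score"] >= min_context_score]


if __name__ == "__main__":
    for finding in find_beacons(parse_log(SAMPLE_LOG)):
        print(finding)
```

Both pairs in the sample are perfectly periodic, so timing alone would produce two alerts of equal weight; only the destination-rarity and payload-uniformity context separates the beacon from the benign telemetry check. On real proxy data you would add further context from the other vectors the post mentions (the email or download that preceded the first contact, the process on the host that opened the connection) before escalating.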