Premium Content

Access "Command-and-control servers: The puppet masters that govern malware"

Adam Rice and James Ringold Published: 02 Jun 2014

Command-and-control servers, also called C&C or C2, are used by attackers to maintain communications with compromised systems within a target network. The terms "command" and "control" are often bandied about without a clear understanding, even among some security professionals, of how these communications techniques work to govern malware. Half of the 315 security professionals surveyed about malware at organizations with more than 1,000 employees were "not very familiar" or "not at all familiar" with command-and-control communications techniques, according to Enterprise Strategy Group research. The knowledge gap widened based on their organization's security resources, from 24% of those with advanced security programs to 48% with average resources, and 82% with basic cybersecurity. As the name implies, command-and-control servers issue commands and controls to compromised systems (often Internet-connected computers of home users that then form zombie armies known as botnets). These communications can be as simple as maintaining a timed beacon or "heartbeat... Access >>>

Access TechTarget
Premium Content for Free.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

What's Inside

Features

More Premium Content Accessible For Free

  • Strategies for a successful data protection program
    data_protection_2014.png
    E-Handbook

    Deploying data protection technologies properly requires a lot of time and patience. While most firms can get started by using preconfigured policies...

  • Devices, data and how enterprise mobile management reconciles the two
    ISM_supp_1014.png
    E-Zine

    The bring your own device (BYOD) movement, which has flooded the enterprise with employee-owned smartphones, tablets, phablets and purse-sized ...

  • Putting security on auto-pilot: What works, what doesn't
    security_auto-pilot.png
    E-Handbook

    For so long penetration testing meant hiring an expert to use skill and savvy to try to infiltrate the company system. But, as with most ...