Accurate, Focused Research on Law, Technology and Knowledge Discovery Since 2002

Command & Control: Understanding, denying, detecting

UK Centre for the Protection of National Infrastructure report: “Modern computer usage has seen an ever-increasing use of the Internet. More and more business is being conducted on or over the Internet, communication via the Internet is the norm for many transactions, and many people now socialise via sites on the Internet. This is generally seen as a beneficial progression of technology; however, any progress can be used negatively as well as positively, and so the Internet is also used as a conduit for malware and crime. Many computer users are familiar with stories of indiscriminate malware whose purpose is to steal credentials, blackmail users or just cause disruption on a network. This class of malware can be described as a “fire-and-forget” attack, where no further instruction is required from the malware author after initial release. BotNets are familiar to many users as a network of infected machines that are controlled for the purposes of sending spam and other attacks. More complex and long-lived malware with more specific goals has recently emerged as the major threat to many organisations, often referred to as Advanced Persistent Threats (APTs). BotNets, APTs and other prolonged attacks require further instruction and remote control to be successful, including information such as where to attack or which machines to collect information from. This prolonged control requires some form of communication channel over which commands and results can be sent. This is known as a Command and Control (C2) channel. In addition to this channel, APT attacks will often have a data exfiltration channel that may or may not use the same mechanism as the C2 channel. The main body of this document briefly describes the threats to the networked world that we live in, concentrating particularly on the C2 channel of malware and APTs.”
