The processes and tools behind a true APT campaign: Command & Control

In this stage of the APT campaign, attackers have infiltrated the network and are beginning to work toward their endgame.

In part four of a series on understanding the processes and tools behind an APT-based incident, CSO examines the Command & Control phase, often referred to as C2. During this phase, the attackers are on the network and, depending on their objectives, will start focusing on their endgame.

"The first 'phone home' activity will usually take place directly following infection; activity at this point will include establishing the channel and downloading further tools for local reconnaissance, credential theft and escalation of privileges," Rik Ferguson, the VP Security Research at Trend Micro, told CSO.
