The processes and tools behind a true APT campaign: Command & Control

In this stage of the APT campaign, attackers have infiltrated the network and are beginning to work toward their endgame

By Steve Ragan, CSO |  Security, Advanced Persistent Threats, insider

In part four of a series on understanding the processes and tools behind an APT-based incident, CSO examines the Command & Control phase, often referred to as C2. During this phase, the attacker(s) are on the network, and depending on their objectives, will start focusing on their endgame.

[Cybercriminals increasingly use the Tor network to control botnets, researchers say]

"The first 'phone home' activity will usually take place directly following infection, activity at this point will include establishing the channel and downloading further tools for local reconnaissance, credential theft and escalation of privileges," Rik Ferguson, the VP Security Research at Trend Micro, told CSO.

To continue reading, register here to become an Insider. It's FREE to join!

This article is part of a series about APT campaigns. The topics covered in this series are:
Reconnaissance
Weaponization and Delivery
Exploitation and Installation
Command and Control, and
Exfiltration

Don't miss...


18 hot IT certifications for 2014

6 IT hiring tips to weed out the duds

The helpful, handy, FREE programs your new PC needs

  Sign me up for ITworld's FREE daily newsletter!
Email: 
 


Originally published on CSO |  Click here to read the original story.
Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

Spotlight on ...
Online Training

    Upgrade your skills and earn higher pay

    Readers to share their best tips for maximizing training dollars and getting the most out self-directed learning. Here’s what they said.

     

    Learn more

Answers - Powered by ITworld

ITworld Answers helps you solve problems and share expertise. Ask a question or take a crack at answering the new questions below.

Ask a Question
randomness