The processes and tools behind a true APT campaign: Command & Control

FREE

Become An Insider

Sign up now and get free access to hundreds of Insider articles, guides, reviews, interviews, blogs, and other premium content from the best tech brands on the Internet: CIO, CITEworld, CSO, Computerworld, InfoWorld, ITworld and Network World. Learn more.

In part four of a series on understanding the processes and tools behind an APT-based incident, CSO examines the Command & Control phase, often referred to as C2. During this phase, the attacker(s) are on the network, and depending on their objectives, will start focusing on their endgame.

[Cybercriminals increasingly use the Tor network to control botnets, researchers say]

"The first 'phone home' activity will usually take place directly following infection, activity at this point will include establishing the channel and downloading further tools for local reconnaissance, credential theft and escalation of privileges," Rik Ferguson, the VP Security Research at Trend Micro, told CSO.

To continue reading, please begin the free registration process or sign in to your Insider account by entering your email address:
Editors' Picks
Join the discussion
Be the first to comment on this article. Our Commenting Policies