Protect Against Russia-Ukraine Cyber Activity
Search
3min. read

Command and Control Explained

Command-and-control attacks can compromise an entire network. Find out what they are and how they work.

Malicious network attacks have been on the rise in the last decade. One of the most damaging attacks, often executed over DNS, is accomplished through command and control, also called C2 or C&C.

The attacker starts by infecting a computer, which may sit behind a firewall. This can be done in a variety of ways:

  • Via a phishing email that tricks the user into following a link to a malicious website or opening an attachment that executes malicious code.
  • Through security holes in browser plugins.
  • Via other infected software.

Once communication is established, the infected machine sends a signal to the attacker’s server looking for its next instruction. The infected computer will carry out the commands from the attacker’s C2 server and may install additional software. The attacker now has complete control of the victim’s computer and can execute any code. The malicious code will typically spread to more computers, creating a botnet – a network of infected machines. In this way, an attacker who is not authorized to access a company’s network can obtain full control of that network.

What Can Hackers Accomplish Through Command and Control?

  1. Data theft. Sensitive company data, such as financial documents, can be copied or transferred to an attacker’s server.
  2. Shutdown. An attacker can shut down one or several machines, or even bring down a company’s network.
  3. Reboot. Infected computers may suddenly and repeatedly shutdown and reboot, which can disrupt normal business operations.
  4. Distributed denial of service. DDoS attacks overwhelm server or networks by flooding them with internet traffic. Once a botnet is established, an attacker can instruct each bot to send a request to the targeted IP address, creating a jam of requests for the targeted server. The result is like traffic clogging a highway – legitimate traffic to the attacked IP address is denied access. This type of attack can be used take a website down. Learn more about real-world DDoS attacks.

How do you stop attackers from using DNS against you? Read our white paper to learn the steps you can take.

Bot master

Get the latest news, invites to events and threat alerts

Popular Resources

Legal Notices

Popular Links

Report a Vulnerability