Command-and-Control Explained

3min. read

Command-and-control attacks can compromise an entire network. Find out what they are and how they work.

Malicious network attacks have been on the rise in the last decade. One of the most damaging attacks, often executed over DNS, is accomplished through command and control, also called C2 or C&C.

The attacker starts by infecting a computer, which may sit behind a firewall. This can be done in a variety of ways:

  • Via a phishing email that tricks the user into following a link to a malicious website or opening an attachment that executes malicious code.
  • Through security holes in browser plugins.
  • Via other infected software.

Once communication is established, the infected machine sends a signal to the attacker’s server looking for its next instruction. The infected computer will carry out the commands from the attacker’s C2 server and may install additional software. The attacker now has complete control of the victim’s computer and can execute any code. The malicious code will typically spread to more computers, creating a botnet – a network of infected machines. In this way, an attacker who is not authorized to access a company’s network can obtain full control of that network.

What Can Hackers Accomplish Through Command and Control?

  1. Data theft. Sensitive company data, such as financial documents, can be copied or transferred to an attacker’s server.
  2. Shutdown. An attacker can shut down one or several machines, or even bring down a company’s network.
  3. Reboot. Infected computers may suddenly and repeatedly shutdown and reboot, which can disrupt normal business operations.
  4. Distributed denial of service. DDoS attacks overwhelm server or networks by flooding them with internet traffic. Once a botnet is established, an attacker can instruct each bot to send a request to the targeted IP address, creating a jam of requests for the targeted server. The result is like traffic clogging a highway – legitimate traffic to the attacked IP address is denied access. This type of attack can be used take a website down. Learn more about real-world DDoS attacks.

How do you stop attackers from using DNS against you? Read our white paper to learn the steps you can take.

Related Resources

Article

What is a denial of service attack (DoS) ?

A Denial-of-Service (DoS) attack is an attack meant to shut down a machine or network, making it inaccessible to its intended users by flooding it with traffic.

Read
Article

What Is DNS Tunneling?

DNS tunneling is one of the most damaging DNS attacks. What exactly is it, and how does it work?

Read