Malicious network attacks have been on the rise in the last decade. One of the most damaging is the command-and-control (C2) attack, in which an attacker remotely directs compromised machines, often tunnelling that traffic over DNS or another protocol that is allowed out through the firewall so that it blends in with ordinary traffic. A command-and-control attack can compromise an entire network.
The attacker starts by infecting a computer, which may sit behind a firewall. This can be done in a variety of ways:
- Via a phishing email that tricks the user into following a link to a malicious website or opening an attachment that executes malicious code
- Through security holes in browser plugins
- Via other infected software
Once the machine is infected, it beacons out to the attacker's server at intervals, asking for its next instruction. It carries out whatever commands the C2 server returns and may download and install additional tooling. The attacker now has remote control of the victim's computer and can run arbitrary code on it with the privileges of the compromised account. The malware typically spreads to further machines, creating a botnet: a network of infected computers under the attacker's control. In this way, an attacker with no authorized access to a company's network can gain control of it.
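The beaconing behaviour described above is also what defenders look for: a bot asking its C2 server for instructions tends to connect at regular intervals with requests of nearly constant size, whereas a person browsing produces irregular timing and sizes. The following is an added example, not code from the original article, that flags low-jitter beacons in a constructed outbound-connection log. The log format, host names and thresholds are assumptions chosen for illustration.

```python
"""Detect periodic C2 beacons in outbound-connection logs.

Added example; the log format, hosts and thresholds are assumptions.
"""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample log: "<epoch seconds> <src ip> <dst host> <bytes out>".
# 10.0.0.5 connects roughly every 60 s with ~515-byte requests (a beacon);
# 10.0.0.7 connects at irregular times with widely varying sizes (a user).
SAMPLE_LOG = """\
1700000000 10.0.0.5 cdn.example.net 512
1700000060 10.0.0.5 cdn.example.net 520
1700000118 10.0.0.5 cdn.example.net 516
1700000181 10.0.0.5 cdn.example.net 519
1700000240 10.0.0.5 cdn.example.net 514
1700000301 10.0.0.5 cdn.example.net 517
1700000012 10.0.0.7 docs.example.org 20480
1700000900 10.0.0.7 docs.example.org 145
1700003100 10.0.0.7 docs.example.org 7800
1700005000 10.0.0.7 docs.example.org 300
1700008000 10.0.0.7 docs.example.org 4100
1700008050 10.0.0.7 docs.example.org 2200
"""


def parse_log(text):
    """Group (timestamp, bytes) events by (src, dst) pair."""
    sessions = defaultdict(list)
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, nbytes = line.split()
        sessions[(src, dst)].append((int(ts), int(nbytes)))
    return sessions


def _cv(values):
    """Coefficient of variation: population std dev divided by the mean."""
    m = mean(values)
    return pstdev(values) / m if m else float("inf")


def beacon_score(events, min_events=5):
    """Return (interval_cv, size_cv) for a list of (ts, bytes) events.

    Low values mean regular timing and constant request size, the
    signature of a beacon.  Returns None when there are too few events
    to judge periodicity.
    """
    if len(events) < min_events:
        return None
    events = sorted(events)
    gaps = [b[0] - a[0] for a, b in zip(events, events[1:])]
    sizes = [nbytes for _, nbytes in events]
    return _cv(gaps), _cv(sizes)


def find_beacons(text, max_interval_cv=0.1, max_size_cv=0.1, min_events=5):
    """Return [(src, dst, mean_interval_seconds)] for pairs that look like beacons."""
    hits = []
    for (src, dst), events in parse_log(text).items():
        score = beacon_score(events, min_events)
        if score is None:
            continue
        interval_cv, size_cv = score
        if interval_cv <= max_interval_cv and size_cv <= max_size_cv:
            events = sorted(events)
            gaps = [b[0] - a[0] for a, b in zip(events, events[1:])]
            hits.append((src, dst, round(mean(gaps), 1)))
    return hits


if __name__ == "__main__":
    for src, dst, interval in find_beacons(SAMPLE_LOG):
        print(f"possible beacon: {src} -> {dst} every ~{interval}s")
```

On the sample log this flags only 10.0.0.5 -> cdn.example.net, with a mean interval of about 60 seconds. The thresholds are deliberately tight; real C2 frameworks add random jitter to their sleep interval precisely to defeat this kind of check, so in production the interval threshold is tuned against a baseline of the network's normal traffic and combined with other signals such as the destination's reputation and the ratio of bytes sent to bytes received.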
What can attackers accomplish through command and control?
- Data theft: Sensitive company data, such as financial documents, can be copied or transferred to an attacker’s server.
- Shutdown: An attacker can shut down one or several machines, or even bring down a company’s network.
- Reboot: Infected computers may suddenly and repeatedly shut down and reboot, which can disrupt normal business operations.
- Distributed denial of service (DDoS): DDoS attacks overwhelm servers or networks by flooding them with internet traffic. Once a botnet is established, an attacker can instruct every bot to send requests to the targeted IP address at the same time, creating a jam of requests at the targeted server. The result is like traffic clogging a highway: legitimate traffic to the attacked IP address cannot get through. This type of attack can be used to take down a website.