
DNS data shows one in ten organisations have malware traffic on their networks

Akamai has analysed command and control (C2) traffic to understand which threats are prevalent in corporate and home networks, and the results are concerning.


According to the findings, between 10% and 16% of organisations see C2 traffic on their networks in any given quarter. C2 traffic indicates malware attempting to communicate with its operator, and is therefore a potential sign of a breach.


26% of affected devices reached out to initial access broker (IAB) C2 domains, including domains associated with Emotet and Qakbot. IABs present a significant risk to organisations because their business is to complete the initial breach and then sell that access on to other cybercriminal groups, including ransomware operators.


30% of affected organisations are in the manufacturing sector. Criminals targeting manufacturers aim to disrupt production and, through the supply chain, cause a wider knock-on effect on multiple organisations.


DNS has been identified as a highway for attack traffic: ransomware groups and other cybercriminals leverage DNS to breach networks and then move laterally within them.


C2 channels are used to direct an attack in progress, to download next-stage malware and other payloads, and to establish backdoor access. These transactions, and the attack traffic itself, often pass through the Domain Name System (DNS).


DNS is often thought of simply as the lookup that connects users to websites, but it can carry large amounts of malicious traffic and form an important part of an attack's infrastructure.


A Zero Trust mindset should be adopted: businesses must consider where and how attacks can be disrupted, and where to apply its principles. Zero Trust is a network security strategy built on the principle that no person or device, inside or outside the organisation's network, is granted access to IT systems or workloads unless that access is explicitly deemed necessary. In short, it means zero implicit trust.


IT teams need to ensure that users and devices can safely connect to the internet, regardless of where the access request is from, without the complexity associated with legacy approaches.


They also need to proactively identify, block and mitigate targeted threats such as malware, ransomware, phishing, DNS data exfiltration and zero-day exploits. Applied this way, Zero Trust improves an organisation's security posture while reducing the risk from malware.
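As a practical illustration of the DNS-borne signals described above (callbacks to known C2 domains, implants beaconing to their operator, and data leaving the network inside DNS queries), the following Python script is an added example written for this post; it is not code from Akamai's research or from EMCRC. It runs three checks over a handful of constructed resolver log lines: a whole-label suffix match against a C2 blocklist (the entries are placeholder .example names, not real indicators), a length-and-entropy heuristic for the encoded subdomains that DNS tunnelling and exfiltration produce, and a regularity check for hosts polling one domain at fixed intervals. The log format, the thresholds, and the assumption that the registered domain is the last two labels are all choices made for the illustration.

```python
"""Added example: flag DNS signals of C2 activity over constructed log lines.
Not code from the original post or from Akamai; the log format, thresholds
and blocklist are assumptions made for this illustration."""
import math
from collections import defaultdict
from datetime import datetime

# Constructed blocklist of reserved ".example" names; not real indicators.
C2_BLOCKLIST = {"broker-c2.example", "loader-update.example"}

# Constructed resolver log: "<ISO timestamp> <client IP> <query type> <query name>".
# 10.0.0.12 polls a blocklisted domain once a minute, 10.0.0.33 pushes hex data
# out in TXT queries, 10.0.0.40 is benign.
SAMPLE_LOG = """\
2024-03-04T09:00:00 10.0.0.12 A www.intranet.example
2024-03-04T09:00:05 10.0.0.12 A cdn.vendor.example
2024-03-04T09:01:00 10.0.0.12 A beacon.broker-c2.example
2024-03-04T09:02:00 10.0.0.12 A beacon.broker-c2.example
2024-03-04T09:03:00 10.0.0.12 A beacon.broker-c2.example
2024-03-04T09:04:00 10.0.0.12 A beacon.broker-c2.example
2024-03-04T09:04:10 10.0.0.33 TXT 0123456789abcdef.fedcba9876543210.tunnel.example
2024-03-04T09:04:11 10.0.0.33 TXT 00112233445566778899aabbccddeeff.tunnel.example
2024-03-04T09:05:00 10.0.0.40 A mail.intranet.example
"""

def parse_log(text):
    """Parse log lines into (timestamp, client, qtype, qname) tuples."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, client, qtype, qname = line.split()
        records.append((datetime.fromisoformat(ts), client, qtype.upper(),
                        qname.lower().rstrip(".")))
    return records

def registered_domain(qname):
    """Assumption for this example: the registered domain is the last two
    labels (a public-suffix list is needed for names like example.co.uk)."""
    return ".".join(qname.split(".")[-2:])

def blocklisted(qname, blocklist=C2_BLOCKLIST):
    """Return the blocklist entry qname sits under, matching whole labels only,
    so beacon.broker-c2.example matches but notbroker-c2.example does not."""
    labels = qname.split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in blocklist:
            return candidate
    return None

def shannon_entropy(s):
    """Bits of entropy per character: hex text approaches 4.0, words sit lower."""
    if not s:
        return 0.0
    n = len(s)
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    return -sum(c / n * math.log2(c / n) for c in counts.values())

def looks_like_tunnel(qname, qtype, min_len=24, min_entropy=3.0):
    """Flag a long, high-entropy subdomain, the shape encoded exfiltration
    chunks take. TXT queries carry more data per exchange, so the entropy bar
    is lowered slightly for them (the threshold values are assumptions)."""
    payload = "".join(qname.split(".")[:-2])   # labels left of the registered domain
    bar = min_entropy - (0.5 if qtype == "TXT" else 0.0)
    return len(payload) >= min_len and shannon_entropy(payload) >= bar

def beaconing(records, min_queries=4, max_cv=0.1):
    """Return (client, domain, period_seconds) for hosts that query one
    registered domain at near-constant intervals (coefficient of variation of
    the gaps at or below max_cv), the signature of an implant polling its C2."""
    series = defaultdict(list)
    for ts, client, _qtype, qname in records:
        series[(client, registered_domain(qname))].append(ts)
    hits = []
    for (client, domain), times in series.items():
        if len(times) < min_queries:
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        mean = sum(gaps) / len(gaps)
        if mean <= 0:
            continue
        sd = math.sqrt(sum((g - mean) ** 2 for g in gaps) / len(gaps))
        if sd / mean <= max_cv:
            hits.append((client, domain, mean))
    return hits

def analyse(log_text):
    """Run all three checks; return (client, name, reason) findings for triage."""
    records = parse_log(log_text)
    findings = []
    for _ts, client, qtype, qname in records:
        hit = blocklisted(qname)
        if hit:
            findings.append((client, qname, f"query under blocklisted C2 domain {hit}"))
        if looks_like_tunnel(qname, qtype):
            findings.append((client, qname, "long high-entropy subdomain: possible tunnelling/exfiltration"))
    for client, domain, period in beaconing(records):
        findings.append((client, domain, f"beaconing every {period:.0f}s"))
    return findings

if __name__ == "__main__":
    for client, name, reason in analyse(SAMPLE_LOG):
        print(f"{client:<10} {name:<50} {reason}")
```

In production the blocklist would come from a threat-intelligence feed and the thresholds from a baseline of the organisation's own resolver traffic; the heuristics will also flag some legitimate services (CDNs and anti-virus vendors use long encoded labels too), so the output is a triage list rather than a verdict.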


Reporting

Report all Fraud and Cybercrime to Action Fraud by calling 0300 123 2040 or online. Forward suspicious emails to report@phishing.gov.uk. Report SMS scams by forwarding the original message to 7726 (spells SPAM on the keypad).


The contents of blog posts on this website are provided for general information only and are not intended to replace specific professional advice relevant to your situation. The intention of East Midlands Cyber Resilience Centre (EMCRC) is to encourage cyber resilience by raising issues and disseminating information on the experiences and initiatives of others. Articles on the website cannot by their nature be comprehensive and may not reflect most recent legislation, practice, or application to your circumstances. EMCRC provides affordable services and Trusted Partners if you need specific support. For specific questions please contact us by email.


EMCRC does not accept any responsibility for any loss which may arise from reliance on information or materials published on this blog. EMCRC is not responsible for the content of external internet sites that link to this site or which are linked from it.
