The MITRE ATT&CK Framework: Command and Control

6 years ago Travis Smith

Most malware these days has some level of Command and Control. This can be to exfiltrate data, tell the malware what instructions to execute next, or download encryption keys in the case of ransomware.

In each case of command and control, the attacker is accessing the network from a remote location. Having insight into what is happening on the network is crucial to addressing these techniques.

Using a Firewall

In many cases, having a properly configured firewall to limit what data can leave endpoints, as well as the network, will help. While some malware families will try to hide traffic on unusually high network ports, others use ports like 80 and 443 to blend into the noise of the network.

In this case, you’ll want to use a perimeter firewall that brings in threat intelligence data to identify malicious URLs and IP addresses. This won’t stop all attacks, but it can help filter out some commodity malware.

If the perimeter firewall cannot consume threat intelligence, then the firewall and/or perimeter logs should be sent to a centralized logging server that can consume that level of data for further analysis. Tools like Splunk or the ELK stack are a great resource for identifying malicious command and control traffic.

Running network traffic through Bro IDS (now Zeek) is another option for finding anomalous network behavior, again sending the logs into Splunk or ELK for further analysis.

Network Segmentation

Proper network segmentation is also going to help in this case. I like to provide the example of credit card scraping malware and how network segmentation can help.

Point-of-sale (POS) machines have predictable configurations and will only talk to predictable locations on the local network, as well as on the Internet if necessary. Should a piece of malware end up on a point-of-sale machine, the malware can scrape the memory all it wants.

If the network is properly segmented, the scraped credit card data will not be allowed anywhere of value to the attacker.
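As an added example that is not part of the original post, the following Python script runs Bro/Zeek-style conn log lines through the two checks described above: a threat-intelligence match plus an unusually high egress port for the firewall section, and a POS egress allowlist for the segmentation section. All addresses, the threat-intel list, the port threshold and the reduced conn log format are constructed placeholders.

```python
import ipaddress
from typing import Dict, List

# Constructed sample of Bro/Zeek-style conn log lines (tab separated, subset of fields):
# ts  id.orig_h  id.orig_p  id.resp_h  id.resp_p  proto  service
SAMPLE_CONN_LOG = """\
1592000000.1\t10.20.5.11\t49211\t10.20.5.2\t443\ttcp\tssl
1592000001.3\t10.20.5.11\t49212\t203.0.113.45\t443\ttcp\tssl
1592000002.7\t10.20.5.12\t49300\t198.51.100.9\t8443\ttcp\t-
1592000003.0\t10.30.1.40\t51000\t192.0.2.77\t31337\ttcp\t-
1592000004.2\t10.30.1.41\t51001\t198.51.100.200\t80\ttcp\thttp
1592000005.5\t10.20.5.13\t49400\t198.51.100.200\t443\ttcp\tssl
"""

# Constructed threat-intel feed of known C2 addresses (placeholder values).
THREAT_INTEL_IPS = {"198.51.100.9", "192.0.2.77"}

# Constructed segmentation policy: POS hosts in 10.20.5.0/24 may only talk to the
# local payment gateway and the card processor's public network.
POS_SEGMENT = ipaddress.ip_network("10.20.5.0/24")
POS_ALLOWED_DESTS = [ipaddress.ip_network("10.20.5.2/32"),
                     ipaddress.ip_network("203.0.113.0/24")]
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]
HIGH_PORT_THRESHOLD = 10000  # egress to a port above this is "unusually high" here


def parse_conn_log(text: str) -> List[Dict[str, str]]:
    fields = ["ts", "orig_h", "orig_p", "resp_h", "resp_p", "proto", "service"]
    return [dict(zip(fields, line.split("\t"))) for line in text.splitlines() if line]


def classify(rec: Dict[str, str]) -> List[str]:
    """Return the detection findings for one connection record (empty if benign)."""
    src, dst = ipaddress.ip_address(rec["orig_h"]), ipaddress.ip_address(rec["resp_h"])
    external = not any(dst in net for net in INTERNAL_NETS)
    findings = []
    if rec["resp_h"] in THREAT_INTEL_IPS:
        findings.append("threat-intel match")
    if external and int(rec["resp_p"]) > HIGH_PORT_THRESHOLD:
        findings.append("unusual high port")
    # Port 443 blends in with normal traffic, but a POS host has no business
    # reaching a destination outside its allowlist, so segmentation still catches it.
    if src in POS_SEGMENT and not any(dst in net for net in POS_ALLOWED_DESTS):
        findings.append("POS segmentation violation")
    return findings


def find_c2_candidates(text: str) -> Dict[tuple, List[str]]:
    """Map (src, dst, dst_port) to findings for every flagged connection."""
    out = {}
    for rec in parse_conn_log(text):
        hits = classify(rec)
        if hits:
            out[(rec["orig_h"], rec["resp_h"], rec["resp_p"])] = hits
    return out
```

The same checks translate directly into Splunk or ELK searches over real conn or firewall logs once the threat-intel list and segment allowlists are loaded as lookups.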

Mitigation

Properly mitigating these techniques is going to rely on proper network architecture, as well as following basic and foundational controls. Since this is usually the last stage of an attack, ideally there are other mechanisms already in place to mitigate or detect the attack earlier.

However, don’t let that stop you from spending time working on addressing any gaps in the command and control coverage.

Read more about the MITRE ATT&CK Framework here:

  • The MITRE ATT&CK Framework: Initial Access
  • The MITRE ATT&CK Framework: Execution
  • The MITRE ATT&CK Framework: Persistence
  • The MITRE ATT&CK Framework: Privilege Escalation
  • The MITRE ATT&CK Framework: Defense Evasion
  • The MITRE ATT&CK Framework: Credential Access
  • The MITRE ATT&CK Framework: Discovery
  • The MITRE ATT&CK Framework: Lateral Movement
  • The MITRE ATT&CK Framework: Collection
  • The MITRE ATT&CK Framework: Exfiltration
  • The MITRE ATT&CK Framework: Command and Control
  • The MITRE ATT&CK Framework: Impact

The post "The MITRE ATT&CK Framework: Command and Control" appeared first on TripWire.

Source: TripWire – Travis Smith
