Command and Control (C&C) Server

21st February 2020 | Cybrary Command and Control (C&C) Server


A Command and Control (C&C) Server is a computer, controlled remotely by a cyber criminal, that acts as a command center: it sends commands to systems that have been infected with malware and are usually part of a large Bot network. Malware that communicates with Internet-based C&C servers can exfiltrate critical data from your organization, such as when the Emotet virus captures user passwords and sends them to the C&C servers online. These infected systems can do a whole lot more damage too.

Other malware that uses C&C communications does things like Crypto-mining (aka Cryptojacking), participates in Denial of Service attacks, or just lies idle, waiting for the hacker who owns the network of Bots to issue a command to wake up and perform some task.

Establishing C&C communications is usually a significant step for attackers because it enables them to move laterally inside a network or organization: the malware can receive new instructions and new malware to scan the local network for additional at-risk systems to compromise.

Related Term: Botnet, CryptoJacking or Crypto-Mining

Related Reading: What DNS Encryption Means for Enterprise Threat Hunters

Source: TrendMicro

How do I defend against this as an SMB?

Stop this malware from entering your network by educating your staff on the common sources of infection. Bots and Botnets are malware that infiltrates your company through phishing attacks and through weakly authenticated remote access (remote access that does not use two-factor authentication). To protect against Bots and Botnets, SMB owners should always do the following:

  1. Train employees to spot and avoid Phishing Attacks.
  2. Where possible, remove Administrator Rights from your employees.
  3. Deploy next-generation Anti-virus software and keep it up to date.
  4. Ensure you enable 2-factor authentication to access your VPN, O365, G-Suite, banking, and all other critical accounts.
  5. If you have 1 through 4 in place, the next major improvement would be to adopt a Password Manager across your company. 

These steps, practices, and tools improve both your overall security and productivity.
