Command and Control (C&C) Server

21st February 2020 | Cybrary


A Command and Control (C&C) Server is a computer controlled remotely by a cyber criminal and used as a command center to send commands to systems that have been infected with malware, which are usually part of a large Bot network. Systems running malware that communicates with Internet-based C&C servers can exfiltrate critical data from your organization, such as when the Emotet virus captures user passwords and sends them to the C&C servers online. They can do a whole lot more damage too.

Other malware that uses C&C communications does things like Crypto-mining (aka Cryptojacking), participating in Denial of Service attacks, or just lying idle, waiting for the hacker who owns the network of Bots to need something done and issue a command telling them to wake up and perform some task.

Establishing C&C communications is usually a significant step for attackers, enabling them to move laterally inside a network or organization. This is because the malware can receive new instructions and new malware to scan the local network for additional at-risk systems to compromise.

Related Term: Botnet, CryptoJacking or Crypto-Mining

Related Reading: What DNS Encryption Means for Enterprise Threat Hunters

Source: TrendMicro

How do I defend against this as an SMB?

Stop this malware from entering your network by educating your staff on the common sources of infection. These Bots and Botnets are malware that infiltrates your company through phishing attacks, as well as through weakly authenticated remote access (remote access that is not using two-factor authentication). To protect against Bots and Botnets, SMB owners should always ensure they do the following:

  1. Train employees to spot and avoid Phishing Attacks.
  2. Where possible, remove Administrator Rights from your employees.
  3. Deploy next-generation Anti-virus software and keep it up to date.
  4. Ensure you enable 2-factor authentication to access your VPN, O365, G-Suite, banking, and all other critical accounts.
  5. If you have 1 through 4 in place, the next major improvement would be to adopt a Password Manager across your company. 

These steps, practices, and tools improve both your overall security and productivity.

To learn more about C&C Servers and how they relate to Botnets, watch this short video:
