A Command and Control (C&C) server is a computer controlled remotely by a cyber criminal and used as a command center to send instructions to systems that have been infected with malware; those systems are usually part of a large bot network (botnet). Systems running malware that communicates with Internet-based C&C servers can exfiltrate critical data from your organization, as when the Emotet malware captures user passwords and sends them to its C&C servers online. They can do a great deal more damage too.
Other malware that relies on C&C communications does things like crypto-mining (aka cryptojacking) or participating in Denial of Service attacks, or simply lies idle until the attacker who owns the botnet needs something done and issues a command telling the bots to wake up and perform a task.
Establishing C&C communications is usually a significant step for attackers, because it enables them to move laterally inside a network or organization: the malware can receive new instructions and additional malware, and can then scan the local network for other at-risk systems to compromise.
How do I defend against this as an SMB?
Stop this malware from entering your network by educating your staff on the common sources of infection. Bots and botnets are malware that infiltrate your company through phishing attacks and through weakly authenticated remote access (remote access that does not use two-factor authentication). To protect against bots and botnets, SMB owners should always ensure they do the following:
1. Train employees to spot and avoid phishing attacks.
2. Where possible, remove Administrator rights from your employees.
3. Deploy next-generation anti-virus software and keep it up to date.
4. Ensure you enable two-factor authentication for access to your VPN, O365, G Suite, banking, and all other critical accounts.
5. If you have 1 through 4 in place, the next major improvement is to adopt a password manager across your company.
These steps, practices, and tools improve both your overall security and productivity.