by DNSFilter Team on Apr 20, 2022 12:00:00 AM
In the early days of the internet, attackers would have a physical server under their control, and they’d direct the attack from there. Today, many command-and-control (C2) attacks are directed from servers in the cloud.
Sometimes an attacker will use a single server, which the malware contacts for instructions. This is easy to mitigate: once the C2 server’s IP address is detected, it can be blocked to prevent further communication. If an attacker uses proxies to mask their true IP address, however, defense becomes more difficult.
More commonly, scammers will use multiple servers to conduct an attack. These may be several servers running the same attack for redundancy in case one is taken down, or groups of servers arranged into a hierarchy.
Attackers can also instruct the infected computers in a botnet to act as a peer-to-peer (P2P) network, communicating with one another randomly instead of with a central server. This makes it harder to detect the infection’s origin. According to cybersecurity software manufacturer DNSFilter, this approach is often used together with a single-server attack: if the server gets taken down, the P2P option is there as a backup.
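As an added illustration of how a C2 server's address can be detected before it is blocked (this is not DNSFilter's code), the sketch below flags internal hosts that contact the same destination at machine-regular intervals and groups them by destination, covering the single-server and redundant-server layouts described above. The flow-record format, thresholds, host names and addresses are assumptions constructed for the example.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed flow records: (epoch_seconds, source_host, destination_ip).
# Addresses come from the RFC 5737 documentation ranges.
FLOWS = (
    [(60 * i + j, "ws-01", "203.0.113.10") for i, j in enumerate([0, 1, -1, 2, 0, 1])]
    + [(300 * i, "ws-02", "203.0.113.10") for i in range(6)]
    + [(300 * i + 7, "ws-02", "198.51.100.7") for i in range(6)]  # redundant server
    + [(t, "ws-03", "192.0.2.55") for t in (5, 40, 400, 410, 1500, 1530)]  # browsing
)


def find_beacons(flows, min_events=5, max_cv=0.1):
    """Return {(src, dst): mean_interval} for pairs contacted at near-fixed intervals."""
    times = defaultdict(list)
    for ts, src, dst in flows:
        times[(src, dst)].append(ts)
    beacons = {}
    for pair, stamps in times.items():
        if len(stamps) < min_events:
            continue  # too few connections to judge regularity
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        # Coefficient of variation: a low value means machine-like regularity.
        if avg > 0 and pstdev(gaps) / avg <= max_cv:
            beacons[pair] = avg
    return beacons


def candidate_blocklist(beacons):
    """Map each beacon destination to the set of internal hosts calling it."""
    by_dst = defaultdict(set)
    for src, dst in beacons:
        by_dst[dst].add(src)
    return dict(by_dst)


if __name__ == "__main__":
    for dst, hosts in sorted(candidate_blocklist(find_beacons(FLOWS)).items()):
        print(dst, sorted(hosts))
```

Peer-to-peer botnet traffic has no shared destination, so this grouping will not surface one address to block; that is the detection difficulty the last paragraph describes.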