What Is a Command and Control Cyberattack?

How Command and Control Attacks Are Structured

In the early days of the internet, attackers would have a physical server under their control, and they’d direct the attack from there. Today, many C2 attacks are directed from servers in the cloud.

Sometimes an attacker will use a single server, which the malware contacts for instructions. This setup is easy to mitigate, since the C2 server’s IP address can be detected and blocked to prevent further communication. If an attacker uses proxies to mask their true IP address, however, defense becomes more difficult.

More commonly, attackers will use multiple servers to conduct an attack. This may be several servers running the same attack for redundancy in case one is taken down, or groups of servers arranged into a hierarchy.

Attackers can also instruct the infected computers in a botnet to act as a peer-to-peer (P2P) network, communicating with one another randomly instead of receiving instructions from a central server. This makes it harder to detect the infection’s origin. According to cybersecurity software manufacturer DNSFilter, this approach is often used together with a single-server attack: if the server gets taken down, the P2P option is there as a backup.
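
The following Python is an added example, not code from the original article or from DNSFilter. It shows a triage step for the structures described above: once a known C2 IP is blocked, list the destinations each affected host contacts for the first time shortly afterward, since a redundant server or a P2P peer may take over. The flow records, IP addresses, internal range, time window and function name are constructed assumptions.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

INTERNAL = ip_network("10.0.0.0/8")   # assumed internal address range
BLOCKLIST = {"203.0.113.10"}          # constructed: the known, blocked C2 server IP

# Constructed egress log: (timestamp in seconds, source, destination)
FLOWS = [
    (100, "10.0.0.5", "198.51.100.20"),  # ordinary baseline traffic
    (110, "10.0.0.7", "198.51.100.20"),
    (200, "10.0.0.5", "203.0.113.10"),   # check-in attempt to the blocked server
    (260, "10.0.0.5", "203.0.113.77"),   # first-seen external host: redundant server?
    (300, "10.0.0.5", "10.0.0.9"),       # first-seen internal peer: P2P fallback?
    (310, "10.0.0.7", "198.51.100.20"),
]

def fallback_candidates(flows, blocklist, window=300):
    """For every host that hit the blocklist, return the destinations it
    contacted for the first time within `window` seconds of that hit."""
    seen = defaultdict(set)      # host -> destinations observed so far
    blocked_at = {}              # host -> time of its latest blocklist hit
    report = defaultdict(list)   # host -> [(destination, kind), ...]
    for ts, src, dst in sorted(flows):
        if dst in blocklist:
            blocked_at[src] = ts
        elif (src in blocked_at and ts - blocked_at[src] <= window
              and dst not in seen[src]):
            kind = "internal-peer" if ip_address(dst) in INTERNAL else "external"
            report[src].append((dst, kind))
        seen[src].add(dst)
    return dict(report)

if __name__ == "__main__":
    for host, hits in fallback_candidates(FLOWS, BLOCKLIST).items():
        print(host, hits)
```

A first-seen destination is only a lead for investigation; the same pattern also appears when a user simply visits a new site.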
