Sign In
- Platform
- Solutions
- Modern NDR
- Resources
- Company
Platform
Modern NDR
Resources
Platform
Modern NDR
Resources
DETECTION OVERVIEW
Risk Factors
It is both relatively easy and common for an attacker to establish command-and-control (C&C) beaconing on a compromised device over protocols such as HTTP, which helps them obscure their activity within legitimate traffic. The presence of stealthy C&C beaconing on your network indicates that an attacker might be conducting a persistent attack. The ultimate objective of a persistent attack, such as data exfiltration, could have a significant impact on a business or organization.
The system might change the risk score for this detection.
Kill Chain
Risk Score
60
Attackers can maintain communication with a compromised device through beaconing. Beaconing refers to short messages that request additional instructions from an attacker, which are periodically sent from the compromised device to a C&C server. Sending beacons on common ports and protocols (such as HTTP:80 or HTTPS:443) helps the attacker evade firewalls because outbound connections are typically permitted and malicious traffic is obscured within normal traffic.
Legitimate software can check for license or software updates by beaconing to a server. Investigate to determine if the beaconing behavior is associated with a suspicious external endpoint.
Configure firewalls to block outbound traffic to suspicious external hosts
Provision devices to communicate over authorized interfaces
Report the suspicious domain to threat intelligence platforms
Check suspicious domains for their registration date, because short-lived domains might be malicious
