
DETECTION OVERVIEW

Unconventional Outbound Connection

Risk Factors

After an attacker compromises a device, they can install malware that attempts to contact a command-and-control (C&C) server outside the network or download additional malware from an attacker-controlled server. Unconventional connections with an external endpoint (where the internal device is not expected to communicate with the external endpoint) should be examined before critical or costly attacks occur.
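The detection logic described above, reduced to its core idea as an added example (not RevealX code): build a per-device baseline of the external endpoints each internal host normally contacts, then flag outbound flows to endpoints absent from that baseline. The flow records, the RFC 1918 definition of "internal", and the TEST-NET destination addresses are all constructed for the example.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Assumption for this example: RFC 1918 space is "inside the network".
INTERNAL_NETS = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed flow records: (src_ip, dst_ip, dst_port, bytes_out).
BASELINE_FLOWS = [
    ("10.0.1.15", "192.0.2.10", 443, 12000),    # workstation -> known SaaS endpoint
    ("10.0.1.15", "192.0.2.53", 53, 300),       # workstation -> external resolver
    ("10.0.1.22", "192.0.2.10", 443, 9800),
]
NEW_FLOWS = [
    ("10.0.1.15", "192.0.2.10", 443, 15000),    # expected: present in baseline
    ("10.0.1.15", "198.51.100.77", 8443, 640),  # never seen: possible C&C check-in
    ("10.0.1.22", "10.0.2.5", 445, 2200),       # internal-to-internal: out of scope
    ("10.0.1.30", "203.0.113.9", 443, 5100),    # device with no baseline at all
]

def is_internal(ip):
    addr = ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)

def build_baseline(flows):
    """Map each internal source to the external (dst_ip, dst_port) pairs it normally contacts."""
    baseline = defaultdict(set)
    for src, dst, port, _ in flows:
        if is_internal(src) and not is_internal(dst):
            baseline[src].add((dst, port))
    return baseline

def find_unconventional(flows, baseline):
    """Return internal->external flows whose endpoint is not in the source device's baseline."""
    alerts = []
    for src, dst, port, nbytes in flows:
        if not is_internal(src) or is_internal(dst):
            continue  # only outbound traffic to external endpoints is in scope
        known = baseline.get(src)  # .get() does not create an entry in the defaultdict
        if known is None:
            reason = "no baseline for device"  # new or previously silent device
        elif (dst, port) not in known:
            reason = "endpoint not in device baseline"
        else:
            continue
        alerts.append({"src": src, "dst": dst, "port": port, "bytes": nbytes, "reason": reason})
    return alerts

if __name__ == "__main__":
    for a in find_unconventional(NEW_FLOWS, build_baseline(BASELINE_FLOWS)):
        print(f"{a['src']} -> {a['dst']}:{a['port']} ({a['bytes']} B): {a['reason']}")
```

A production baseline would be learned over a longer window and would weight endpoints by how many peers contact them, so that one device visiting a site used by the whole network scores lower than a lone device calling an address nobody else has touched.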

The system might change the risk score for this detection.

Kill Chain

Command-and-Control

Risk Score

65

Next in Command-and-Control: Unusual Interactive Traffic from a Remote Desktop

Attack Background

Mitigation Options

Quarantine the device to check for indicators of compromise

Implement the principle of least privilege to minimize the damage caused by a compromised device

Implement network segmentation, security zones, and firewall policies that limit how devices can communicate

MITRE ATT&CK ID
