Which stage of the cyber attack lifecycle is characterized by attackers passing instructions back and forth between infected devices and their own infrastructure?
Command and Control, or C2, is the phase in which compromised systems communicate with attacker-controlled infrastructure to receive instructions, send status updates, download additional payloads, or coordinate malicious activity. This back-and-forth communication allows attackers to operate the compromised device remotely and adapt their actions after initial compromise. Weaponization and Delivery involve preparing and transmitting the malicious payload, not managing an already infected host. Exploitation is the act of using a vulnerability or weakness to gain unauthorized access. Reconnaissance is information gathering before compromise. C2 is especially important in detection engineering because outbound traffic patterns, unusual domains, beaconing intervals, and connections to suspicious infrastructure can reveal that an endpoint is under external control. Blocking C2 can disrupt an attacker's ability to move laterally, exfiltrate data, or complete actions on objectives. Reference/topics: Cybersecurity 1.2, cyber attack lifecycle; Cybersecurity 1.3, command and control as a common attack type.