April 30, SecurityWeek (International) Attackers place command and control servers inside enterprise walls. Skilled attackers are burrowing their command and control (C&C) servers inside the networks of compromised businesses to circumvent security measures, according to a security expert familiar with the innovative new attack method. Trend Micro observed dozens of incidents where these tactics were used. In many cases, the compromised servers being used for C&C were compromised in previous attacks and hackers were able to maintain access, the researcher said. The technique helps attackers remain stealthy as they exfiltrate data, as very little C&C traffic leaves the network. Also, the cyber criminals that conduct these types of attacks were seen applying software patches to the compromised systems to ensure other attackers are kept out and the systems are not potentially red-flagged.
Ali Loney, on April 30, 2012