C&C Servers Reconfigured to Make Them More Advanced, Warns FireEye
FireEye, which recently released a report titled "The Advanced Cyber Attack Landscape," describes cyber-criminals as getting better at evading identification by constantly changing the configuration of their central C&C (command-and-control) structures, so that malware is first able to establish communication with localized C&C infrastructures, meaning infrastructure in the same country where the newly contaminated computers are situated, threatpost.com reported on April 23, 2013.
While preparing its report, the company collected data by assessing about 12m messages exchanged between different malicious programs targeting organizations and the C&C servers they were associated with.
Malware development and distribution is becoming more global than ever before, with command-and-control infrastructures being maintained in 184 nation states. That is 42% more than in 2010, when merely 130 countries hosted C&C infrastructures.
Elaborating on the above findings, David DeWalt, CEO of FireEye, stated that with cyber-crime overwhelming conventional signature-based protective measures, there had been an evolution of the threat scenario. By outpacing anti-virus security systems and spreading throughout the globe, cyber-attacks had easily eluded identification while their perpetrators set up linkages with networks right within the boundaries of prominent organizations, said DeWalt. Marketwire.com reported this on April 23, 2013.
Moreover, looking at the median rate of callbacks per company from individual countries, the countries of Asia (Hong Kong, China, India, South Korea and Japan) were responsible for 24% of total callbacks worldwide. Close behind, the countries of Eastern Europe (Poland, Romania, Latvia, Kazakhstan, Ukraine and Russia) accounted for 22%.
Further, attacks on technology firms increasingly relate to intellectual property theft, source-code modification or sabotage, thus enabling further crimes.
Another observed development is the use of the social-networking websites Twitter and Facebook for exchanging messages with contaminated PCs.
The malicious network traffic is made to look normal so that it eludes inspection mechanisms, and cyber-criminals currently embed instructions or stolen information inside ordinary-looking image files. The kind of assaults, their scope and their rate of occurrence differ considerably depending on an organization's situation or nature. Analysis of callback information greatly helps organizations understand potential threats and how they can safeguard themselves from them, the report suggests.
» SPAMfighter News - 27-04-2013