You are a security analyst and have network monitoring solutions in place to detect strange or potentially malicious traffic. One of these solutions has sent an alert saying it detected outgoing network traffic from the company's network to a well-known malicious endpoint. Of the following options, which is the most likely cause of this traffic?
A user has attached confidential materials to an outgoing email
An infected server or user machine is attempting to contact a command-and-control server
A hacker is probing the company network from the outside
Some malware will attempt to contact a Command-and-Control (C2) server or network to let the creators of the malware know it has infected a target. The malware is then given commands remotely from the C2 server to steal data, infect more hosts, or begin monitoring the infected device. The act of calling a C2 server is also called a beacon. Communication with known C2 addresses is a common sign that an infection has occurred within a network. One common use of this type of malware is for a botnet; the C2 server may, for example, send a command to all infected devices to initiate a Distributed Denial of Service (DDoS) attack, though this is just one example.