Command and Control [C&C] Server

A command-and-control [C&C] server is a computer controlled by an attacker or cybercriminal which is used to send commands to systems compromised by malware and receive stolen data from a target network. Many campaigns have been found using cloud-based services, such as webmail and file-sharing services, as C&C servers to blend in with normal traffic and avoid detection.

How C&C servers are used

C&C servers serve as command centers that malware related to targeted attacks use to store stolen data or download commands from. Establishing C&C communications is a vital step for attackers to move laterally inside a network.

C&C servers also serve as the headquarters for compromised machines in a botnet. It can be used to disseminate commands that can steal data, spread malware, disrupt web services, and more.  C&C systems used by botnets may follow any of these three models: the centralized model, the peer-to-peer [P2P] model, and the random model.

Malicious uses of a C&C server

C&C servers are the headquarters or command centers where malware related to targeted attacks report back to so  stolen data or download malicious commands can be stored. Establishing C&C communications is a vital step for attackers to move laterally inside a network.

C&C servers also serve as the headquarters for compromised machines in a botnet. It can be used to disseminate commands that can steal data, spread malware, disrupt web services, and more.  C&C systems used by botnets may follow any of these three models: the centralized model, the peer-to-peer [P2P] model, and the random model.

Aside from allowing attackers to steal data, the presence of C&C software on a server may also disrupt legitimate applications and cause the misuse of future resources.