184 nations house CnC servers: FireEye
Asia and Eastern Europe account for the majority of CnC activity
184 nations that house communication hubs, or command and control (CnC) servers, a 41% increase compared to 2010 according to cyber attack mitigation specialists FireEye. The company has released "The Advanced Cyber Attack Landscape" report and interactive maps, which provide detailed insight into the global nature of malware communication activity related to sophisticated cyber attacks.
Asia and Eastern Europe account for the majority of activity. According to the report, technology organisations are among the most frequently attacked and the majority of Advanced Persistent Threat (APT) attacks-89% -are associated with tools developed and disseminated by Chinese hacker groups, according to FireEye.
"The threat landscape has evolved, as cyber threats have outpaced traditional signature-based security defenses, such as anti-virus, and permeated around the world, enabling cybercriminals to easily evade detection and establish connections inside the perimeter of major organisations," said FireEye CEO David DeWalt. "The FireEye research puts in proper perspective the global pandemic of this new breed of advanced cyber attacks."
Asia and Eastern Europe are attack hotspots - Looking at the average number of callbacks per company by country, the Asian nations of China, South Korea, India, Japan, and Hong Kong accounted for 24% of global callbacks. Not far behind, the Eastern European countries of Russia, Poland, Romania, Ukraine, Kazakhstan, and Latvia comprised 22%.
Technology companies are highly targeted - Technology companies experienced the highest rate of callback activity associated with the next generation of cyber attacks. Technology companies are targeted for the theft of intellectual property, sabotage, or modification of source code to support further criminal initiatives.
The majority of APT callback activities are associated with APT tools that are made in China or that originated from Chinese hacker groups. By mapping the DNA of known APT malware families against callbacks, FireEye discovered that the majority of APT callback activities-89 percent-are associated with APT tools that are made in China or that originated from Chinese hacker groups. The main tool is Gh0st RAT.
CnC servers are used heavily during the life cycle of an attack to maintain communication with an infected machine by way of callbacks, enabling the attacker to download and modify malware to evade detection, extract data, or expand an attack within a target organisation.