
What Is Beaconing in Security?



Cybercrime comes in many forms, from botnet attacks to ransomware. Despite their differences, many of these hacks start similarly, and malware beaconing is one of those common threads you’ll see. So, what is malware beaconing, and what exactly does it do?

Like how a beacon in a lighthouse signals to nearby ships, beaconing in networking is a periodic digital signal. In the case of malware beaconing, those signals go between an infected device and a command-and-control (C2) server somewhere else. That allows cybercriminals to control the malware remotely.

Different Types of Beaconing


Malware beaconing lets hackers know they’ve successfully infected a system so they can then send commands and carry out an attack. It’s often the first sign of Distributed Denial-of-Service (DDoS) attacks, which rose 55 percent between 2020 and 2021. These beacons also come in many different forms.

One of the most common types is DNS beaconing. The infected host uses regular domain name system (DNS) requests to hide its beacon. That way, the signals between the malware and the C2 server look like normal network communications.

Some malware beaconing activity uses HTTPS, the encrypted information transfer protocol you’ll often see in daily internet use. Since HTTPS encrypts almost all information between a client and web service, it can be an ideal place to hide malicious actions.


No matter the type, all malware beaconing tries to hide the communication between a threat actor and an infected device. Cybercriminals who successfully hide their beaconing activity can then take over the infected machine, causing significant damage.


Examples of Beaconing Attacks


Some of the most significant cyberattacks in recent history started with malware beaconing. For example, the massive SolarWinds hack used several beacons to load parts of the complicated malware onto various devices. By the end of it, hackers managed to attack thousands of customers.

Other attacks use beacons to infect multiple devices to perform DDoS hacks. Cybercriminals infect hundreds or even thousands of devices, then send signals through beaconing activity to make them all act at once. One of these attacks made InfoSecurity Magazine inaccessible for a short time in 2021.

One of the most popular beaconing attack techniques uses Cobalt Strike, a penetration testing tool. Attacks that use it to hide beaconing activity rose by 161 percent between 2019 and 2020.

How Security Experts Stop Beaconing Attacks


Beaconing attacks can have severe consequences, but they’re not impossible to stop. One of the best ways security teams defend against them is to look for the activity itself. While broadcasting itself to a C2 server, the malware might accidentally reveal its location to security teams, too.

Some malware can hide from the antivirus software required by the Cybersecurity Maturity Model Certification (CMMC) and other regulations, but beaconing activity is harder to hide. These signals are short and regular, making them stand out from normal, continuous network communication. Automated security tools can look for patterns to discover these signals and find the malware.
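The pattern search described above can be sketched as follows. This is an added example, not code from the original article: it groups flow records by source and destination and flags pairs whose connections are small and evenly spaced. The record layout, the thresholds, and the sample addresses (documentation IP ranges) are assumptions.

```python
# Added example: flag host pairs whose connections are short and evenly spaced.
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample flow records: (epoch seconds, source, destination, bytes sent).
SAMPLE_FLOWS = (
    # Workstation A: small request roughly every 60 s with slight jitter.
    [(1000 + 60 * i + j, "10.0.0.5", "203.0.113.10", 220)
     for i, j in enumerate([0, 2, -1, 1, 0, -2, 1, 0, 2, -1])]
    # Workstation B: bursty, irregular browsing to another host.
    + [(t, "10.0.0.7", "198.51.100.20", b) for t, b in
       [(1003, 5400), (1005, 90000), (1011, 1200), (1190, 48000),
        (1192, 700), (1420, 15000), (1421, 300), (1600, 62000)]]
)

def find_beacons(flows, min_events=6, max_cv=0.10, max_avg_bytes=1024):
    """Return (src, dst, mean_interval, cv) for pairs that look periodic.

    cv is the coefficient of variation (stdev / mean) of the gaps between
    connections; a value near 0 means the gaps are nearly identical.
    Thresholds are illustrative assumptions and need tuning per network.
    """
    by_pair = defaultdict(list)
    for ts, src, dst, size in flows:
        by_pair[(src, dst)].append((ts, size))

    hits = []
    for (src, dst), events in by_pair.items():
        if len(events) < min_events:
            continue  # too few samples to judge regularity
        events.sort()
        times = [ts for ts, _ in events]
        gaps = [b - a for a, b in zip(times, times[1:])]
        avg_gap = mean(gaps)
        if avg_gap <= 0:
            continue  # all events share one timestamp; no interval to measure
        cv = pstdev(gaps) / avg_gap
        avg_bytes = mean(size for _, size in events)
        if cv <= max_cv and avg_bytes <= max_avg_bytes:
            hits.append((src, dst, round(avg_gap, 1), round(cv, 3)))
    return hits

if __name__ == "__main__":
    for src, dst, interval, cv in find_beacons(SAMPLE_FLOWS):
        print(f"{src} -> {dst}: every ~{interval}s (cv={cv})")
```

On the constructed data only the 60-second pair is reported; the irregular, high-volume traffic from the second workstation is not.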

The best defense against malware beaconing is to stop it from infecting a device in the first place. More robust firewalls, threat detection, and safer user behavior can prevent malware from ever entering a computer. It can’t beacon to a threat actor if it’s not on a device.

Many Destructive Attacks Start With Beaconing Activity

Beaconing is a common first sign of a larger attack, like the SolarWinds ransomware incident. It has become easier to hide, making it a more popular option for cybercriminals. As troubling as this trend is, security experts can still protect against it.

Having ample knowledge of what beaconing is and how cybercriminals use it can keep companies safe. Understanding how threats affect a system makes it easier to spot and defend against them.
