What Is Beaconing in Security?
Cybercrime comes in many forms, from botnet attacks to ransomware. Despite their differences, many of these intrusions start the same way, and malware beaconing is one of the common threads you will see. So, what is malware beaconing, and what exactly does it do?
Like a lighthouse beacon signalling to nearby ships, beaconing in networking is a short, periodic signal. In the case of malware beaconing, an infected device sends that signal to a command-and-control (C2) server somewhere else, typically to report that it is alive and to ask whether there are new tasks. That check-in loop is what lets cybercriminals control the malware remotely.
Different Types of Beaconing
Malware beaconing tells attackers that an implant is alive and reachable, so they can send commands and carry out the rest of the attack. It is also how botnets used for Distributed Denial-of-Service (DDoS) attacks, which rose 55 percent between 2020 and 2021, receive their targets. These beacons come in several forms, distinguished mainly by the protocol they hide in.
One of the most common types is DNS beaconing. The infected host encodes its check-in into the name it looks up, so the beacon travels as ordinary domain name system (DNS) queries and the attacker's authoritative name server reads the data out of the query. Because almost every host resolves names constantly, and DNS is rarely blocked at the perimeter, these queries blend into normal traffic.
Other malware beacons over HTTPS, the encrypted transport you use for everyday browsing. Since HTTPS encrypts the request and response, a beacon's content looks the same on the wire as any other web session. Note that encryption hides what is said, not the fact that a host keeps talking to the same destination on a schedule; the timing, size and destination of the connections remain visible.
No matter the type, all malware beaconing tries to make the communication between a threat actor and an infected device look like traffic the network already carries. Cybercriminals who successfully hide their beaconing activity can then operate the infected machine at will, causing significant damage.
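To make the DNS case concrete, here is an added example (not code from the original article) of both halves of a DNS beacon: how an implant packs a check-in into a query name, and how a defender reading resolver logs can spot the pattern. The domain, host IDs and log records are constructed for illustration; the "last two labels" shortcut for the registered domain is a simplification that real tooling replaces with the public suffix list.

```python
"""DNS beaconing: encoding a check-in into a query name, and detecting it in resolver logs.

Added example for illustration; not code from the original article.
The domain, host IDs and log records below are constructed, not captured.
"""
import base64
from collections import defaultdict

C2_DOMAIN = "telemetry.example-cdn.net"  # hypothetical attacker-controlled zone


def encode_beacon(host_id, seq, status):
    """Pack (host_id, sequence number, status) into one DNS label.

    A sequence number is included so every query name is unique; a repeated
    name would be answered from the stub resolver's cache and never reach
    the attacker's name server.
    """
    payload = f"{host_id}|{seq}|{status}".encode()
    # base32 output is restricted to [a-z2-7], which is legal in a DNS label;
    # the '=' padding is not, so it is stripped here and restored on decode.
    label = base64.b32encode(payload).decode().rstrip("=").lower()
    return f"{label}.{C2_DOMAIN}"


def decode_beacon(qname):
    """What the attacker's authoritative server does with the query name."""
    label = qname.split(".", 1)[0].upper()
    label += "=" * (-len(label) % 8)  # restore base32 padding
    host_id, seq, status = base64.b32decode(label).decode().split("|", 2)
    return host_id, int(seq), status


def registered_domain(qname):
    # Simplification: last two labels. Real code should use the public suffix list.
    return ".".join(qname.rstrip(".").split(".")[-2:])


def flag_dns_beaconing(query_log, min_unique=5, min_label_len=16):
    """Flag registered domains whose leftmost labels look like encoded data.

    query_log: iterable of (timestamp, client_ip, qname).
    Heuristic: many distinct, long leftmost labels under one domain is how
    tunnelled data looks; ordinary sites reuse a handful of short labels.
    """
    per_domain = defaultdict(lambda: {"clients": set(), "labels": set()})
    for _, client, qname in query_log:
        per_domain[registered_domain(qname)]["clients"].add(client)
        per_domain[registered_domain(qname)]["labels"].add(qname.split(".", 1)[0])

    flagged = {}
    for domain, info in per_domain.items():
        labels = info["labels"]
        mean_len = sum(map(len, labels)) / len(labels)
        if len(labels) >= min_unique and mean_len >= min_label_len:
            flagged[domain] = {
                "unique_subdomains": len(labels),
                "mean_label_len": round(mean_len, 1),
                "clients": sorted(info["clients"]),
            }
    return flagged


# Constructed resolver log: normal lookups from three hosts plus one host
# checking in every 60 seconds through the hypothetical C2 zone.
SAMPLE_QUERY_LOG = [
    (0, "10.0.0.7", "www.example.com"),
    (3, "10.0.0.8", "mail.example.com"),
    (9, "10.0.0.7", "cdn.example.org"),
    (20, "10.0.0.9", "www.example.com"),
    (31, "10.0.0.8", "static.example.org"),
] + [
    (60 * i, "10.0.0.5", encode_beacon("ws-0421", i, "idle")) for i in range(1, 7)
]

if __name__ == "__main__":
    for domain, info in flag_dns_beaconing(SAMPLE_QUERY_LOG).items():
        print(domain, info)
```

The detector never needs to decode the label; the giveaway is structural. A legitimate zone is queried for a small, stable set of names, whereas a beacon zone accumulates a new long label per check-in. Thresholds such as the minimum label length should be tuned against your own resolver logs, since some CDNs and anti-virus update services also use long generated hostnames.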
Examples of Beaconing Attacks
Some of the most significant cyberattacks in recent history started with malware beaconing. In the SolarWinds supply-chain compromise, the SUNBURST backdoor inserted into Orion software updates beaconed over DNS, and only selected victims were sent second-stage payloads. Thousands of customers had installed the backdoored update by the time it was discovered.
Other attacks use beacons to coordinate the infected devices that carry out DDoS attacks. Cybercriminals compromise hundreds or even thousands of devices, then use the beacon check-ins to hand every bot the same target and start time. One such attack made the Infosecurity Magazine website inaccessible for a short time in 2021.
One of the most widely abused beaconing toolkits is Cobalt Strike, a commercial adversary-simulation tool whose Beacon implant is frequently pirated and used in real intrusions. Attacks involving Cobalt Strike rose 161 percent between 2019 and 2020.
How Security Experts Stop Beaconing Attacks
Beaconing attacks can have severe consequences, but they are not impossible to stop. One of the best ways security teams defend against them is to hunt for the check-in traffic itself. An implant has to talk to its C2 server to be useful, and every check-in is a chance for defenders to notice both the infected host and the destination it reports to.
Some malware evades the antivirus software that the Cybersecurity Maturity Model Certification (CMMC) and other regulations require, but beaconing activity is harder to hide. Check-ins are small, repeated and evenly spaced, whereas human-driven traffic arrives in irregular bursts, so a host contacting the same destination at nearly constant intervals over hours or days stands out. Automated tools can score each source-destination pair on the regularity of its connection timing and sizes and surface the most periodic ones for review. Attackers know this and add random jitter or long sleep intervals to their beacons, so detection thresholds need to tolerate some variation and look across long windows.
The best defense against malware beaconing is to stop the infection in the first place. Egress filtering, threat detection on endpoints and safer user behavior can prevent malware from ever running on a computer. It cannot beacon to a threat actor if it is not on a device.
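The timing analysis described above, as an added example that is not part of the original article. It scores each source-destination pair in a set of constructed connection records by how regular its inter-connection gaps are, using the median absolute deviation relative to the median gap, so that a beacon with modest jitter is still flagged while ordinary browsing is not. The IP addresses, intervals and thresholds are constructed for illustration.

```python
"""Beacon detection from connection timing (added example, not the article's code).

Records are (timestamp_seconds, src_ip, dst_ip, dst_port), the fields you
would take from a firewall or Zeek conn log. All records here are constructed.
"""
import statistics
from collections import defaultdict


def make_records():
    """Constructed traffic: one jittered beacon, one human browser, one sparse host."""
    records = []
    # 10.0.0.5 checks in to 203.0.113.7:443 roughly every 60 s with +/-10% jitter
    # (fixed jitter sequence rather than random so the output is reproducible).
    jitter = [3, -5, 4, -2, 6, -4, 1, -6, 5, -1, 2, -3]
    t = 0.0
    for j in jitter:
        records.append((t, "10.0.0.5", "203.0.113.7", 443))
        t += 60 + j
    # 10.0.0.8 browses 198.51.100.20:443 at irregular, human-paced intervals.
    human_gaps = [2, 0.5, 45, 300, 1, 7, 900, 12, 3, 120, 0.8, 60]
    t = 5.0
    for g in human_gaps:
        records.append((t, "10.0.0.8", "198.51.100.20", 443))
        t += g
    # 10.0.0.9 makes too few connections to judge.
    for t in (10.0, 70.0, 130.0):
        records.append((t, "10.0.0.9", "192.0.2.44", 443))
    return sorted(records)


def score_flows(records, min_conns=8):
    """Per (src, dst, port): connection count, estimated period and a dispersion score.

    dispersion = MAD(gaps) / median(gaps). Near 0 means clockwork-regular;
    human traffic typically scores well above 0.5. Pairs with fewer than
    min_conns connections are skipped because a few points cannot establish a period.
    """
    by_pair = defaultdict(list)
    for ts, src, dst, port in records:
        by_pair[(src, dst, port)].append(ts)

    results = {}
    for pair, stamps in by_pair.items():
        if len(stamps) < min_conns:
            continue
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        period = statistics.median(gaps)
        mad = statistics.median(abs(g - period) for g in gaps)
        dispersion = mad / period if period > 0 else float("inf")
        results[pair] = {
            "count": len(stamps),
            "period_s": period,
            "dispersion": round(dispersion, 3),
        }
    return results


def find_beacons(records, max_dispersion=0.2, min_conns=8):
    """Return the (src, dst, port) pairs whose timing is regular enough to look like a beacon."""
    scores = score_flows(records, min_conns)
    return sorted(pair for pair, s in scores.items() if s["dispersion"] <= max_dispersion)


if __name__ == "__main__":
    recs = make_records()
    for pair, s in score_flows(recs).items():
        print(pair, s)
    print("beacon candidates:", find_beacons(recs))
```

The median-based statistics are chosen deliberately: a beacon that occasionally sleeps for an hour, or a human session with one long pause, would skew a mean and standard deviation, whereas the median and MAD stay anchored on the typical gap. In production this score would be combined with the consistency of request sizes and the age of the destination, and the minimum connection count raised to cover at least a full working day, which is what defeats beacons that use long sleep intervals.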
Many Destructive Attacks Start With Beaconing Activity
Beaconing is a common first sign of a larger attack, as it was in the SolarWinds supply-chain compromise. Encrypted transports and readily available tooling have made it easier to hide, and therefore a more popular option for cybercriminals. As troubling as this trend is, security teams can still detect and contain it.
Knowing what beaconing is and how cybercriminals use it helps companies stay safe. Understanding how a threat behaves on the network makes it easier to spot and defend against.