Intrusions into computer systems are becoming increasingly sophisticated. Command and Control (C2) infrastructure, which enables attackers to remotely control infected devices, is a critical component. Malware is set to connect to C2 servers to receive commands and payloads, or to upload logs or stolen files. Since techniques for detecting traditional C2 servers are also advancing, attackers look for ways to make C2 communication stealthy and resilient. Increasingly, they hide C2 communications in plain sight, in particular on social media and other cloud-based public services. In this paper, we identify several emerging trends in the use of social media for C2 communications by providing a review of the existing research, discuss how attackers could combine these trends in the future to create a stealthy and resilient server-less C2 model, look at possible defence aspects, and suggest further research.