

APTs / Staying Dormant


When the purpose of the malware is to build a botnet, it will usually attempt to spread across the compromised network and receive instructions from a C2 (command and control) server.


 

APTs (advanced persistent threats) are sophisticated, targeted cyber attacks conducted by well-resourced and highly skilled adversaries, often with specific objectives such as espionage, data theft, or long-term disruption.

 

APTs may remain dormant for extended periods of time, waiting for instructions from a C2 server. For example, a nation state may infect infrastructure providers and use the APTs to disrupt operations during a war or political event.

 

Detecting APTs that remain mostly dormant is extremely difficult, because the malware usually blends in with regular system activity. The most effective defense is to prevent their installation in the first place and to perform regular system audits that can identify irregular applications and services.
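
One way to run the kind of regular audit described above, as an added example that is not part of the original page: compare the current inventory of services and applications against an approved baseline and rank the differences. The `Entry` fields, the severity rules and every sample record are assumptions constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Entry:
    name: str     # service or application name
    path: str     # executable path
    sha256: str   # hash of the executable (placeholder strings in the sample data)
    signed: bool  # True if the binary carries a valid signature

def index(entries):
    """Key an inventory by case-insensitive name."""
    return {e.name.lower(): e for e in entries}

def audit(baseline, current):
    """Return findings as (severity, name, reason), most severe first."""
    base, cur = index(baseline), index(current)
    findings = []
    for key, e in cur.items():
        b = base.get(key)
        if b is None:
            # Unknown entries are the main target of the audit.
            sev = "medium" if e.signed else "high"
            findings.append((sev, e.name, "not in approved baseline"))
        elif e.path.lower() != b.path.lower():
            findings.append(("high", e.name, f"path changed: {b.path} -> {e.path}"))
        elif e.sha256 != b.sha256:
            # A signed binary with a new hash is often a routine update.
            sev = "low" if e.signed else "high"
            findings.append((sev, e.name, "binary hash changed"))
    for key, b in base.items():
        if key not in cur:
            findings.append(("low", b.name, "baseline entry missing"))
    order = {"high": 0, "medium": 1, "low": 2}
    return sorted(findings, key=lambda f: (order[f[0]], f[1].lower()))

# Constructed sample inventories; names, paths and hashes are not real.
BASELINE = [
    Entry("PrintSpooler", r"C:\Windows\System32\spoolsv.exe", "hash-a1", True),
    Entry("BackupAgent", r"C:\Program Files\Backup\agent.exe", "hash-b1", True),
    Entry("TimeSync", r"C:\Program Files\TimeSync\ts.exe", "hash-c1", True),
]
CURRENT = [
    Entry("PrintSpooler", r"C:\Windows\System32\spoolsv.exe", "hash-a1", True),
    Entry("BackupAgent", r"C:\Program Files\Backup\agent.exe", "hash-b2", True),
    Entry("UpdateHelper", r"C:\ProgramData\helper\helper.exe", "hash-d1", False),
]

if __name__ == "__main__":
    for finding in audit(BASELINE, CURRENT):
        print(*finding, sep=" | ")
```

In practice the two inventories would come from scheduled exports of the host's service and installed-application lists, with the baseline updated only through change control.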