Implementing Malware Command and Control Using Major CDNs and High-Traffic Domains

itman · Sep 29, 2017

While I was on the Cyberark web site, I came across a posting that "tweaked" my interest. I have long suspected that CDNs were far from safe.

Also the only mitigation to this is given below. Of note is if you are using an AV solution that indeed does intercept SSL/TLS traffic, your covered:

In this blog post, we will present a new technique for domain fronting, which enables attackers to abuse Content Delivery Networks (CDNs) to mask malware command and control (C2) traffic. This research demonstrates a new technique for hiding a C2 channel completely within a CDN. While many CDNs are potentially impacted, Akamai is one of the largest. Akamai’s CDN carries a significant portion of all internet traffic including high reputation domains through which we can mask our traffic. As we mentioned in previous blog posts, domain fronting has been used by advanced adversaries in the wild as an evasion technique.

Mitigations

One of the few options available for enterprise defenders is to utilize a HTTPS proxy with SSL termination in order identify a mismatch between the host header and the request URI.
Click to expand...

https://www.cyberark.com/threat-res...ontrol-using-major-cdns-high-traffic-domains/

Log in or Sign up

Implementing Malware Command and Control Using Major CDNs and High-Traffic Domains

itman Registered Member

Log in or Sign up

Implementing Malware Command and Control Using Major CDNs and High-Traffic Domains

itman Registered Member

Useful Searches