C&C-as-a-Service: abusing third-party web services as C&C channels

Friday 2 October 12:00 - 12:30, Green room

Artturi Lehtiö (F-Secure Corporation)

  download slides (PDF)

A secure, reliable and undetectable method of communicating with and controlling malware is essential for modern malware operations. But designing, implementing and maintaining your own communication infrastructure isn't an easy task. Coincidentally, malware operators aren't the only ones interested in secure and reliable communication. Popular web services also want to provide their customers with a secure and reliable service. Add to that the fact that popular web services generate large amounts of indistinguishable web traffic to blend into and it starts to sound irresistible. Unsurprisingly then, recent years have seen a growing trend among malware operators of abusing third-party web services such as Twitter, Facebook, and Gmail as command and control channels.

This paper explores the multitude of ways in which modern malware abuses third-party web services as command and control channels. Through real life examples - from common cybercrime to targeted nation-state espionage - the paper provides a comprehensive overview of both the methods employed by malware and the web services most commonly abused. This paper further analyses the benefits and disadvantages that are provided to malware operators when they abuse third-party web services as command and control channels. Finally, this paper also examines the challenges that such methods pose to the detection and prevention of malware.

Click here for more details about the conference.

Artturi Lehtiö

Artturi Lehtiö

Artturi Lehtiö, born in Finland, began his computer science studies at Aalto University in 2010 and is currently finishing his Bachelor of Science degree. He has been employed by Finnish security company F-Secure since 2014 where he currently works as a researcher focusing primarily on threat intelligence, threat hunting and reverse engineering. When not at work, he can often be found performing newer French horn music with the Retuperä Voluntary Fire Brigade Band.

 

We have placed cookies on your device in order to improve the functionality of this site, as outlined in our cookies policy. However, you may delete and block all cookies from this site and your use of the site will be unaffected. By continuing to browse this site, you are agreeing to Virus Bulletin's use of data as outlined in our privacy policy.