wiredmikey (1824622) writes "Skilled attackers are burrowing their command and control (C&C) servers inside the networks of compromised businesses in order to circumvent security measures, according to a security expert familiar with the innovative new attack method.The advantage is that none of that C&C traffic is passing through perimeter firewalls or intrusion detection systems — so it is very unlikely to be detected. While the attacker still needs to send that single communication per day with any stolen data / issuing new commands, this is trickier to detect.
In many cases, the compromised servers being used for C&C were compromised in previous attacks and hackers were able to maintain access.
Also interesting, is that attackers conducting these types of attacks have been seen applying software patches to the compromised systems in an effort to ensure other attackers are kept out.
The new attack tactic adds two more steps to forensic investigation, as now investigators must conduct a penetration test from inside out in order and identify the service wherein a syscall proxy has been embedded in the memory space."
Link to Original Source