Battle of the Week - Botnet Communications

The Battleground: 

A local County’s network that houses emergency communications and other important telecoms 

The Presumption:  

Once a botnet enters a network, it will spread from computer to computer. When it roots itself into a network, the devices try to occasionally reach out to its command and control servers in order to execute code remotely.  

The Discovery: 

After close analysis of our client’s SIEM and various firewalls, we recognized a botnet communication from an internal IP to an external IP. We evaluated the firewall for traffic to IPs known for hosting botnets because most traffic from source IPs to foreign countries is malicious when the source IP is a government entity. 

Our Solution: 

We notified our client, and they promptly worked to prevent any internal to external communication from taking place. 

Lessons Learned: 

Regularly scan machines for malicious software that may have been spread via a worm or from direct manipulation via an open port. 

Let InfusionPoints assist you with your CyberSecurity needs today!

Contact Us