What is Command and control communication?

Understanding Command and Control Communication (C&C) in Cybersecurity: Botnets, Malware and more

Command and control communication (C&C) is a term used in internet security and antivirus technology to refer to a technique utilized by cyber attackers to establish a communication link between their machines and the compromised computer systems. A compromised system stays connected to the attacker's machine through the Internet or other networking systems. This communication is often used in conjunction with the propagation of viruses, trojans, worms, and other forms of malware. The C&C communication channel is also known as a botnet command and control (C2) system.

command and control communication has been identified as the most common method used by fraudsters to execute their attacks. Botnet C2 infrastructure is mainly used to manipulate the activities carried out by the bots in their network. It allows attackers to access and control remote systems in a network that can be used for malicious purposes, such as Distributed Denial of Service (DDoS) attacks, web skimming, phishing scams, credential stuffing, and more.

The C&C channel helps attackers to organize their activities by enabling them to issue commands that coordinate the activities of the targets within a botnet network. Communication between the compromised systems and attackers is often encrypted, making it difficult to detect or prevent cyber-attacks from happening. Most of the available malware comes with a pre-installed C&C tunnel that is configured and designed to help attackers gain and maintain their grip on a compromised computer.

Attackers use various techniques in communicating with their botnets. Some of the common mediation frameworks used by cybercriminals to execute the C&C communication include direct communication to control servers, communication with centralized infrastructures that synchronize with other botnets using DNS resolution, communication via various Peer-to-Peer (P2P) infrastructures, and communication over TOR networks. To prevent these techniques from working effectively, it is essential that software developers create antivirus software with advanced botnet detection and net-flow monitoring solutions.

With its primary purpose being related to network and computer security, the scope of use for command and control communication has widened beyond just cybersecurity technology. Various industries employing industrial control systems such as the environmental and power industry face above-average threat from modern cyber attacks that make use of the same tactics required for perpetrating website breaches. Their prevalence makes it necessary to establish coordinated prevention strategies against botnets and Command and Control channels to secure individual properties from any damage.

To prevent attackers from exploiting command and control communication, Antivirus technology has to be tailored toward detecting and disrupting the communication. Behavior-based monitoring has recently been added to modern antivirus protection solutions. This helps prevent malware from uncontrolled operation and restricts specific access within an encrypted environment which selectively prevents command and control communications. Having workstation protection equipped with AI-driven threat intelligence capabilities that interact and will adapt based on different environmental variables can bolster the capabilities of security infrastructures in detecting any hiding malware and blocking damaging command and control channel communication.

Other alternative solutions include empowering security systems such as DNS (Domain Name System) protection and Response Forensics that help to detect secondary checkpoints in the transmission of malicious communications to command-and-control servers. Methods including usage pattern analysis, multivariable data feed authentication, and contextually interpreted scenario simulation are also available to evade temporary botnet control, but detection and guided analysis prove much harder.


C&C communication is a core concern for all cybersecurity companies, software developers, technology corporations, and web-based businesses that encounter constant attacks. Developing ability in the detection and rejection of communication links using command and control frameworks is crucial since attackers utilize these C&C channels far more effectively and scale them larger than antivirus solutions, causing significant, far-reaching damage. C&C avoidance is fundamental to defending the internet and internal network frameworks alongside blockages of phishing attacks in email communication, gleaning data from infected controllers in Word as macros in secure documents logs, and stopping communications that take form dynamically loading Remote Access Editions (RATs) and Tunnel-based communication.

Command and control communication FAQs