Got Beacons?

Suppose you are a Malware designer and need to devise a mechanism to (1) find out which compromised zombies are available and (2) routinely provide some feedback by relaying keystrokes, credit card numbers, and other valuable goodies like these.

A simple solution is to have your Malware send small, infrequent messages back to your mother-ship, masquerading the messages as some mainstream protocol like HTTPS or DNS.

Well, that’s a beacon! If the Malware designers were to add some randomness to their communication, it would make the detection of beacons nearly impossible; but adding randomness also makes the management of possibly thousands of Zombies much harder. So Beacons are usually very regular, and they are also relatively easy to detect using high-school math.

Some Beacons are good. Did you know that Apple routinely gets beacons from all your iDevices? Probably not, because they are a vehicle for providing useful services (like where the phone is located, how fast it is travelling down the highway, etc.).

Some Beacons are very, very bad. And you should try to detect them. If you don’t, you are letting the bad guy get away with it and steal your data.
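The "high-school math" mentioned above can be as simple as the mean and standard deviation of the gaps between connections on each source/destination pair. The following is an added example, not MetaFlows code: the flow tuple layout, the sample records and the thresholds (`min_events`, `max_cv`) are assumptions chosen for illustration.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample flow records: (epoch_seconds, source_ip, destination_ip, dest_port).
# Addresses come from documentation ranges; none of this is real traffic.
def sample_flows():
    flows = []
    # Host .10 contacts one destination every ~300 s with a second or two of drift.
    drift = [0, 1, -1, 2, 0, -2, 1, 0, 1, -1, 0, 2]
    for i, d in enumerate(drift):
        flows.append((1_700_000_000 + 300 * i + d, "192.0.2.10", "203.0.113.5", 443))
    # Host .20 browses a site in irregular, human-driven bursts.
    for offset in [0, 4, 9, 400, 405, 1900, 1903, 1950, 3100, 3600, 3602, 3640]:
        flows.append((1_700_000_000 + offset, "192.0.2.20", "198.51.100.7", 443))
    # Host .30 has only three connections, too few to judge.
    for offset in [0, 600, 1200]:
        flows.append((1_700_000_000 + offset, "192.0.2.30", "203.0.113.9", 53))
    return flows

def find_beacons(flows, min_events=8, max_cv=0.1):
    """Return channels whose inter-arrival times are nearly constant.

    cv (coefficient of variation) = standard deviation / mean of the gaps
    between consecutive connections; a value near 0 suggests a fixed timer.
    """
    by_channel = defaultdict(list)
    for ts, src, dst, port in flows:
        by_channel[(src, dst, port)].append(ts)

    findings = []
    for channel, stamps in by_channel.items():
        if len(stamps) < min_events:
            continue  # too few samples for the statistics to mean anything
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        if avg <= 0:
            continue  # all connections share one timestamp; no period to measure
        cv = pstdev(gaps) / avg
        if cv <= max_cv:
            findings.append({"channel": channel, "period_s": round(avg, 1),
                             "cv": round(cv, 4), "events": len(stamps)})
    return sorted(findings, key=lambda f: f["cv"])

if __name__ == "__main__":
    for finding in find_beacons(sample_flows()):
        print(finding)
```

A low score only says the traffic is periodic; software update checks and device telemetry will also show up, so each flagged destination still has to be reviewed or allow-listed.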

Information Breach Tragedy: It Could Have Been Avoided Completely!

A University employee single-handedly demonstrates why it’s just as important to know what’s leaving your network as it is to know what’s coming into it!

University Employee Fired for Inadvertently Emailing Student Data

Find out how the MetaFlows Security System can monitor important files leaving your network, and catch them before they make it out!