Last Updated on August 7, 2021 by Admin 1
You are working as a Security Analyst in a company XYZ that owns the whole subnet range of 184.108.40.206/8 and 192.168.0.0/8.
While monitoring the data, you find a high number of outbound connections. You see that IP’s owned by XYZ (Internal) and private IP’s are communicating to a Single Public IP. Therefore, the Internal IP’s are sending data to the Public IP.
After further analysis, you find out that this Public IP is a blacklisted IP, and the internal communicating devices are compromised.
What kind of attack does the above scenario depict?
- Botnet Attack
- Spear Phishing Attack
- Advanced Persistent Threats
- Rootkit Attack