May 9, 2023
Defending against Snake over the long term will be a cat-and-mouse game: its micro-service design lets each component be upgraded separately, so the malware can take on many forms. Written in C, Snake's most unusual characteristic is its server-like behavior. Most C2 malware that gives the operator command-level access opens a listening port on the compromised device, and that new listener is a ubiquitous signature that endpoint defenses can be tuned to detect. Snake avoids it altogether: rather than binding a port of its own, it sniffs the TCP traffic already flowing through the device and inspects the first packet of each connection for a directive from the operator, so there is no new listening port to catch. Because Snake's behavior shifts as its components change, the best front-line defense is an EDR that is kept up to date and tuned correctly.