What it is
Beaconing is the quiet “check-in” a hidden infection makes to its boss (a command-and-control server). The malware pings out on a schedule to say “I’m here,” ask for instructions, or send stolen data like logins or card details. It can stay sleepy for days and wake only when told.
How it works
-
The malware picks a destination (domain/IP) and a rhythm (every few minutes, hours, or at random).
-
It hides in normal-looking web requests (HTTPS, DNS, cloud apps) to blend in.
-
When the server replies, the device may exfiltrate data or run commands (download more malware, move laterally, encrypt files).
What you might notice
-
Brief, repeating network spikes to the same unknown host
-
Activity at odd hours when the device seems idle
-
Security tools turning off or update checks failing
If you suspect beaconing (quick response)
-
Isolate the device from the network (Wi-Fi off, unplug Ethernet).
-
Run a full anti-malware scan; check startup items and scheduled tasks.
-
From a clean device, change passwords and enable MFA.
-
Ask IT/Sec to review firewall/proxy/DNS logs for recurring destinations and block them.
How to prevent it
-
Keep OS, apps, and browsers updated; patch fast.
-
Use EDR/AV with network-based detections; enable DNS filtering.
-
Limit admin rights; turn on MFA everywhere.
-
Be cautious with attachments, macros, and “free” installers.