Attackers place Command and Control servers inside enterprise walls