Spamhaus Q1 2023 Botnet Report
The latest Botnet Report from Spamhaus Researchers has been released for Q1 2023.
With over 23 years of experience, Spamhaus Technologies is a trusted authority on IP & domain reputation. Their data is used to protect 3 billion+ users worldwide.
Spamhaus researches Internet Protocol (IP) addresses and domains used to host botnet command & control (C&C) servers. Botnet C&C servers are used to infect and control other machines to carry out spam or cybercrime attacks (e.g. ransomware or DDoS attacks).
Spamhaus researchers observed a 23% increase in the number of botnet command & control servers in Q1 of 2023. Some highlights from the latest report are listed below.
Q1 2023 Botnet Threat Update Highlights:
Malware activity associated with botnet C&Cs increased once again. Observed credential-stealing malware increased significantly in the first quarter of 2023, growing to 22.4% of listings.
Cobalt Strike continued to be the most active malware family associated with botnet C&Cs. Cobalt Strike is a penetration testing tool. While the tool is a legitimate commercial solution, it is frequently abused by cybercriminals to deploy malware.
RecordBreaker activity was reported to have increased by 899% in the last quarter. It was the third most observed malware family associated with botnet C&Cs this quarter, surpassing RedLineStealer and FluBot.
Source: Spamhaus Technologies Q1 2023 Botnet Update
Botnet C&C servers are located across the globe, with most activity being observed from North America, Europe and Asia.
The United States of America, China and Russia continued to be the top 3 countries with the most botnet controller activity. Botnet C&C activity from Russia has increased by a notable 62% since the end of 2022.
Read the full update at Spamhaus.com.
SecurityZones is an authorized commercial partner and distributor of Spamhaus Technologies. To learn more about Spamhaus threat intelligence, including the Botnet Controller List, contact us.