What You Need to Know About the 2019 Spamhaus Botnet Threat Report


The 2019 Spamhaus Botnet Threat Report is out! If you’re not a report person, don’t worry, we’ve got you covered! Keep reading to find out everything you need to know about the report, how botnet threats changed in 2019 and what Spamhaus experts suggest you look out for and monitor in 2020. 

What is Spamhaus? 

Spamhaus is a non-profit organization that focuses on threat intelligence data in an effort to make the Internet a better place for everyone. The organization works to identify and expose bad online behavior by producing datasets to inform users of potential malicious internet infrastructures. By partnering with other industry experts and organizations, Spamhaus has been producing this data for more than two decades, which in turn has protected 3 billion users from cybercriminals. 

What is a Botnet C&C?

‘Botnet controller’, ‘botnet C2’, and ‘botnet command & control’ server are all terms for the servers cyber criminals use to control infected machines or devices and to extract data from them.

Now that you understand the terminology, let’s dive right in and take a look at the 2019 numbers. 

Botnet C&Cs Are On the Rise

The number of observed botnet C&Cs increased by a drastic 71.5% in 2019 compared with 2018. In fact, the number of botnet C&Cs has almost doubled from that of 2017.

To better understand this increase, the Spamhaus experts reviewed the Spamhaus Block List (SBL) to determine the percentage of listings that were botnet C&Cs. As it turns out, that share also increased to 41%, making botnet C&Cs almost half of the SBL listings in 2019.

So where are these botnet C&Cs? Well, the numbers are in and they don’t lie.

Where in the World Are the Botnet C&Cs?

Although the US spent the past few years in first place for number of C&Cs, Russia took that title in 2019 with a 143% spike in botnet C&C activity. China also experienced a massive increase of 390% in 2019, which moved it into fourth place, but Switzerland had the largest spike in 2019, with an enormous increase of 1,119%.

A few other changes to note are the drop-offs from and additions to the Top Twenty list. Chile, Italy, Malaysia, Poland, South Africa, and Turkey all dropped off of this list in 2019. However, Argentina, Greece, India, Luxembourg, Serbia, and Sweden were all new additions.

Now you know where the botnet C&Cs are located, but do you know which Malware Families are associated with them? Keep reading to find out.

Beware of These Malware Families

Malware Families associated with botnet C&Cs experienced changes in 2019 as well. Over half of newly detected botnets in 2019 were associated with Credential Stealers. Due to this, it is no surprise that Lokibot stayed in first place by increasing the number of associated botnet C&Cs by 74%. AZORult, another Credential Stealer, took second place on the Top Twenty list.