Spamhaus’s 2021 Q2 Botnet Threat Update has been released and it’s interesting reading.
Overall, there has been a reduction in observed command and control (C&C) systems. However, at regional and provider level, there is more variation. Looking at the leading botnet C&C hosts, it’s not surprising that the world’s most connected countries (the US, Netherlands and other European nations, etc.) host the most.
.com continues to lead as the top TLD for C&C domains, but other “new domains” are catching up, perhaps because they’re largely disposable and less tightly regulated. For example, .buzz is the third-leading TLD for botnet C&Cs, .cloud is #10, and .online is #16.
Among providers, DigitalOcean has emerged as the leading botnet C&C hoster. The report notes that there was a rapid exodus from Amazon, perhaps due to better policing and improved reaction time. That “market” needs to go somewhere, and apparently it moved to DigitalOcean (and to a lesser extent, Microsoft Azure).
Sharp-eyed readers will note some LowEnd hosts on the list (page 12). This is actually a sort of backhanded compliment – while even digital criminals appreciate cheap VPS systems, a C&C node must have high uptime and a solid network given that the botnet is useless without. So one might say that some demand customers are putting their “mission critical” systems on these providers.
It’s important to note that none of these hosts (large or small) is intentionally hosting botnet C&Cs. Until identified on the client side, the C&C servers look like apps that are receiving and sending information from many different clients around the world – just like a popular web site or service.
Look for the next Spamhaus update in October.
Related Posts:
- We are Social Butterflies!Check Us Out Wherever You Browse, View, or Tap! - December 23, 2024
- Let’s Celebrate the Winter Solstice with Awesome Deals and a Free Bonus Code for RackNerd’s Giveaway! - December 22, 2024
- MetWeb has a 30% Off Deal on Cheap VPS Offers in Utah for Our Readers! - December 21, 2024
Leave a Reply