Spamhaus’s 2021 Q2 Botnet Threat Update has been released and it’s interesting reading.
Overall, there has been a reduction in observed command and control (C&C) systems. However, at the regional and provider level, there is more variation. Looking at the leading botnet C&C hosts, it’s not surprising that the world’s most connected countries (the US, Netherlands and other European nations, etc.) host the most.
.com continues to lead as the top TLD for C&C domains, but other “new domains” are catching up, perhaps because they’re largely disposable and less tightly regulated. For example, .buzz is the third-leading TLD for botnet C&Cs, .cloud is #10, and .online is #16.
Among providers, DigitalOcean has emerged as the leading botnet C&C hoster. The report notes that there was a rapid exodus from Amazon, perhaps due to better policing and improved reaction time. That “market” needs to go somewhere, and apparently it moved to DigitalOcean (and to a lesser extent, Microsoft Azure).
Sharp-eyed readers will note some LowEnd hosts on the list (page 12). This is actually a sort of backhanded compliment – while even digital criminals appreciate cheap VPS systems, a C&C node must have high uptime and a solid network, given that the botnet is useless without it. So one might say that some demanding customers are putting their “mission critical” systems on these providers.
It’s important to note that none of these hosts (large or small) is intentionally hosting botnet C&Cs. Until identified on the client side, the C&C servers look like apps that are receiving and sending information from many different clients around the world – just like a popular web site or service.
Look for the next Spamhaus update in October.