Spamhaus’s 2021 Q2 Botnet Threat Update has been released and it’s interesting reading.
Overall, there has been a reduction in observed command and control (C&C) systems. However, at regional and provider level, there is more variation. Looking at the leading botnet C&C hosts, it’s not surprising that the world’s most connected countries (the US, Netherlands and other European nations, etc.) host the most.
.com continues to lead as the top TLD for C&C domains, but other “new domains” are catching up, perhaps because they’re largely disposable and less tightly regulated. For example, .buzz is the third-leading TLD for botnet C&Cs, .cloud is #10, and .online is #16.
Among providers, DigitalOcean has emerged as the leading botnet C&C hoster. The report notes that there was a rapid exodus from Amazon, perhaps due to better policing and improved reaction time. That “market” needs to go somewhere, and apparently it moved to DigitalOcean (and to a lesser extent, Microsoft Azure).
Sharp-eyed readers will note some LowEnd hosts on the list (page 12). This is actually a sort of backhanded compliment – while even digital criminals appreciate cheap VPS systems, a C&C node must have high uptime and a solid network given that the botnet is useless without. So one might say that some demand customers are putting their “mission critical” systems on these providers.
It’s important to note that none of these hosts (large or small) is intentionally hosting botnet C&Cs. Until identified on the client side, the C&C servers look like apps that are receiving and sending information from many different clients around the world – just like a popular web site or service.
Look for the next Spamhaus update in October.
Related Posts:
- Hetzner Terminates Kiwix With Extreme Prejudice – What Do You Think? - December 11, 2024
- Die Hard is the Greatest Christmas Movie Ever!Learn a Little Computer Trivia from the Film and Get Bonus Entries in RackNerd’s Holiday Giveaway! - December 10, 2024
- I Can’t Believe I Bought So Many VPSes on Black Friday (How to Dig Yourself Out) - December 9, 2024
Leave a Reply