CenturyLink tracked 104 million unique botnet targets per day in 2017
Businesses, governments and consumers should pay more attention to the risk posed by botnets, according to a new threat report released by CenturyLink, Inc. (NYSE: CTL).
In 2017, CenturyLink Threat Research Labs tracked an average of 195,000 threats per day impacting, on average, 104 million unique targets – from servers and computers to handheld or other internet-connected devices – due to the work of botnets.
“Botnets are one of the foundational tools bad actors rely on to steal sensitive data and launch DDoS attacks,” said Mike Benjamin, head of CenturyLink’s Threat Research Labs. “By analysing global botnet attack trends and methods, we’re better able to anticipate and respond to emerging threats in defense of our own network and those of our customers.”
Key Observations
- Geographies with strong or rapidly growing IT networks and infrastructure continue to be the primary source for cybercriminal activity.
- The top five countries by volume of global malicious internet traffic in 2017 were the United States, Russia, China, Brazil and Ukraine.
- The top five countries hosting the most command and control servers (C2s), which amass and direct botnets, were the United States, Russia, Ukraine, China and Germany.
- While countries and regions with robust communication infrastructure unknowingly supplied bandwidth for IoT DDoS attacks, they also represented some of the largest victims based on attack command volume.
- The top five target countries of bot attack traffic were the United States, China, Germany, Russia and the United Kingdom.
- The top five countries by volume of compromised hosts or bots were the United States, China, Brazil, the United Kingdom and Germany.
- Mirai and its variants have been the focus of consistent news coverage, but in 2017, CenturyLink Threat Research Labs witnessed Gafgyt attacks affecting more victims and with noticeably longer attack durations.
Key Facts
- CenturyLink collects 114 billion NetFlow records each day, capturing over 1.3 billion security events daily and monitoring 5,000 known C2 servers on an ongoing basis.
- CenturyLink responds to and mitigates roughly 120 DDoS attacks per day and removes nearly 40 C2 networks per month.
- The scope and depth of CenturyLink’s threat awareness is derived from its global IP backbone, one of the world’s largest. This critical infrastructure supports CenturyLink’s global operations and informs its comprehensive suite of security solutions, including threat detection, secure log monitoring, DDoS mitigation and network-based security solutions.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.