
Asia Pacific nations undeniably caught up in botnet traffic - report

23 Apr 2018

China, South Korea, Vietnam, India, and Australia are the top five Asia Pacific countries sending out the most malicious internet traffic – although the United States, Russia, and China round out the top three spots globally.

CenturyLink’s 2018 Threat Report analysed an average of 195,000 threats per day that impacted an average of 104 million unique targets.

In Asia Pacific, threats most commonly target China, Japan, Korea, India, and Taiwan. Globally, the United States, China, Brazil, the United Kingdom, and Germany are the top targets.

Botnets are a key focus of this year’s report, as many of the threats are due to botnets. CenturyLink Threat Research Labs head Mike Benjamin explains:

"Botnets are one of the foundational tools bad actors rely on to steal sensitive data and launch DDoS attacks. By analyzing global botnet attack trends and methods, we're better able to anticipate and respond to emerging threats in defense of our own network and those of our customers."   

In Asia Pacific, the top five countries by volume of compromised bots include China, India, Japan, Taiwan, and South Korea.

Countries with strong or rapidly growing IT networks and infrastructure are popular targets for cybercriminal activity – China alone plays host to a daily average of more than 454,000 bots.

While Mirai is one of the most well-known botnets, CenturyLink says there is a botnet that is more prevalent, affects more victims and has longer attack durations.

“Mirai and Gafgyt have been tied to DDoS attacks against gaming servers and the botnet owner’s perceived rivals. Operators attempt to drive traffic to the gaming servers they control… They can also operate under a DDoS-for-hire scenario in which they rent their website stressor services to anyone – under the guise that you, as a site owner, want to ‘test’ or stress your website’s connectivity to the internet,” the report says.

The Gafgyt command and control (C2) servers can be active for as many as 117 days, compared to 83 days at most for the Mirai C2 servers.

“The attraction of Mirai and Gafgyt deployments is that they offer bad actors a wide variety of customizable options to carry out their assaults. The determination of the specific attack type used is based on the capability of the software, the wishes of the malicious client, the target and the desired outcome. Each attack command may include a list of target IP addresses, target domains, ports, services and specified durations,” the report says.

CenturyLink recommends taking a holistic approach to security that is informed by actionable threat intelligence.
