Asia Pacific nations undeniably caught up in botnet traffic - report

23 Apr 2018

China, South Korea, Vietnam, India, and Australia are the top five Asia Pacific countries sending out the most malicious internet traffic – although the United States, Russia, and China round out the top three spots globally.

CenturyLink’s 2018 Threat Report analysed an average of 195,000 threats per day that impacted an average of 104 million unique targets.

In Asia Pacific, threats most commonly target China, Japan, Korea, India, and Taiwan. Globally, the United States, China, Brazil, the United Kingdom, and Germany are the top targets.

Botnets are a key focus of this year’s report, as many of the threats are due to botnets. CenturyLink Threat Research Labs head Mike Benjamin explains:

"Botnets are one of the foundational tools bad actors rely on to steal sensitive data and launch DDoS attacks. By analyzing global botnet attack trends and methods, we're better able to anticipate and respond to emerging threats in defense of our own network and those of our customers."   

In Asia Pacific, the top five countries by volume of compromised bots include China, India, Japan, Taiwan, and South Korea.

Countries with strong or rapidly growing IT networks and infrastructure are popular targets for cybercriminal activity – China alone plays host to a daily average of more than 454,000 bots.

While Mirai is one of the most well-known botnets, CenturyLink says there is a botnet that is more prevalent, affects more victims and has longer attack durations.

“Mirai and Gafgyt have been tied to DDoS attacks against gaming servers and the botnet owner’s perceived rivals. Operators attempt to drive traffic to the gaming servers they control… They can also operate under a DDoS-for-hire scenario in which they rent their website stressor services to anyone – under the guise that you, as a site owner, want to ‘test’ or stress your website’s connectivity to the internet,” the report says.

The Gafgyt command and control (C2) servers can be active for as many as 117 days, compared to 83 days at most for the Mirai C2 servers.

“The attraction of Mirai and Gafgyt deployments is that they offer bad actors a wide variety of customizable options to carry out their assaults. The determination of the specific attack type used is based on the capability of the software, the wishes of the malicious client, the target and the desired outcome. Each attack command may include a list of target IP addresses, target domains, ports, services and specified durations,” the report says.

CenturyLink recommends taking a holistic approach to security that is informed by actionable threat intelligence.
