Top 10 countries in attack counts: The above diagram shows the top 10 regions with the most malicious IP addresses from the NSFOCUS IP Reputation databases at July 21, 2019. Top 10 countries in attack percentage: The Palestine is in first place. The Suriname is in the second place. The country China (CN) is […]
3.3.2 Analysis Most Botnets Deployed on VPSs for Economic Reasons Low-cost virtual private servers, which have little security oversight, have become the main target for hosting command & control servers. When setting up C&C servers, botnet groups will attempt to take over any available system. Having evolved past traditional on-premises servers, botnet groups now target […]
3.3 Geographical Distribution 3.3.1 Behavior Seen According to geographical analysis of IP addresses, 2018 saw most new C&C servers in the USA (30.64%), closely followed by China (29.79%). Other top C&C hosting countries include Canada, Russia, Germany, France, and Italy.
Top 10 countries in attack counts: The above diagram shows the top 10 regions with the most malicious IP addresses from the NSFOCUS IP Reputation databases at July 07, 2019. Top 10 countries in attack percentage: The Suriname is in first place since last week. The Palestine is in the second place. The country […]
3.2 Family Activity 3.2.1 Behavior Seen In 2018, a total of 35 active families were found to issue more than 100 botnet instructions, accounting for 24% of all known families. Several families with the highest level of instruction activity accounted for most of the malicious activities throughout 2018.
Top 10 countries in attack counts: The above diagram shows the top 10 regions with the most malicious IP addresses from the NSFOCUS IP Reputation databases at June 30, 2019. Top 10 countries in attack percentage: First place changed from Laos to Suriname. The Palestine is in the second place. The country China (CN) has […]
This chapter discusses various aspects of botnet behavior. Behavioral characteristics include activity level of botnets overall and per botnet family, DDoS attack characteristics, C&C server use and distribution, and geographical locations of attack victims. Also discussed are characteristics of the most active botnet families themselves.
1. Top 10 countries in attack counts: The above diagram shows the top 10 regions with the most malicious IP addresses from the NSFOCUS IP Reputation databases at June 21, 2019. Top 10 countries in attack percentage: The Laos is in the first place since four weeks ago. The Suriname is in the second […]
Botnets have evolved since 2017. New active families and platforms have become dominant. Attack types used have also changed.
