Botnet Trends: 2023 Review and 2024 Predictions
The cybersecurity landscape in 2023 was marked by a significant rise in botnet-driven attacks, with a pronounced escalation in assaults on critical infrastructure. The convergence of botnets with advanced threats such as APTs and ransomware has led to a complex and evolving threat landscape. This report, based on extensive research by NSFOCUS, provides a detailed analysis of the botnet threat trends observed in 2023 and offers predictions for the year 2024, emphasizing the growing sophistication and organization of botnet attacks.
Highlights include:
- Over 1400 large-scale botnet attacks on critical infrastructure were monitored, peaking in August and September.
- The Mirai, XorDDoS, Gafgyt, and hailBot families dominate attacks, with China and the US as primary targets.
- Botnets serve as a springboard for advanced threats, forming complex attack chains.
- IoT devices, especially routers, are the most targeted due to security vulnerabilities.
- The Mirai family controls the largest number of IoT devices, with new variants emerging.
- QakBot and Mirai had the most Command and Control (C&C) servers, with the US leading in controlled C&C servers.
- UDP Flood is the most-used attack vector, with the US and China experiencing the most severe DDoS attacks.
- Emerging botnet families on Linux/IoT platforms are highly active, with attackers increasingly using the Go language.
- Windows platform-based botnets focus on data exfiltration and serve as distribution channels for other malware.
- Predictions for 2024 include more frequent attacks on critical infrastructure, botnets as a common springboard for other threats, increased botnet group activities, and enhanced trojan concealment strategies.