UNDER ATTACK? CALL US

THANK YOU FOR YOUR INTEREST IN NSFOCUS REPORTS​

Botnet Trends: 2023 Review and 2024 Predictions

Botnet trends 2023-2024 review and predictions.

The cybersecurity landscape in 2023 was marked by a significant rise in botnet-driven attacks, with a pronounced escalation in assaults on critical infrastructure. The convergence of botnets with advanced threats such as APTs and ransomware has led to a complex and evolving threat landscape. This report, based on extensive research by NSFOCUS, provides a detailed analysis of the botnet threat trends observed in 2023 and offers predictions for the year 2024, emphasizing the growing sophistication and organization of botnet attacks.

Highlights include:
  • Over 1400 large-scale botnet attacks on critical infrastructure were monitored, peaking in August and September.
  • Mirai, XorDDoS, Gafgyt, and hailBot families dominate in attacks, with China and the US as primary targets.
  • Botnets serve as a springboard for advanced threats, forming complex attack chains.
  • IoT devices, especially routers, are the most targeted due to security vulnerabilities.
  • Mirai family controls the largest number of IoT devices, with new variants emerging.
  • QakBot and Mirai had the most Command and Control (C&C) servers, with the US leading in controlled C&C servers.
  • UDP Flood is the most used attack vector, with the US and China experiencing the most severe DDoS attacks.
  • Emerging botnet families on Linux/IoT platforms are highly active, with attackers increasingly using the Go language.
  • Windows platform-based botnets focus on data exfiltration and serve as distribution channels for other malware.
  • Predictions for 2024 include more frequent attacks on critical infrastructure, botnets as a common springboard for other threats, increased botnet group activities, and enhanced trojan concealment strategies.