Botnet Trend Report

Botnet Trend Report 2019-16

October 26, 2020

Conclusion

Botnets have evolved to use weak passwords, exploits, and phishing emails as major propagation and intrusion means. Dormant attackers that are seeking opportunities to do wrong tend to exploit vulnerabilities during the time between vulnerability disclosure and remediation. Botnet hackers often exploit newly revealed vulnerabilities to infect new targets to enlarge their attack surface quickly. We can see that hackers attach much significance to vulnerability exploitation.


Botnet Trend Report 2019-15

October 19, 2020

Five Major APT Groups

In 2019, NSFOCUS Security Labs tracked and delved into five major APT groups: BITTER, OceanLotus, MuddyWater, APT34, and FIN7. The following sections illustrate the latest developments of these APT groups by explaining how they optimize attack chains, refine attack methods, and sharpen RAT tools.

BITTER

BITTER is an attack group with […]

Botnet Trend Report 2019-14

October 12, 2020

New Trends of APT Groups

Here are three trends that shaped APT groups in 2019:

Firstly, mobile devices became common constituents of the attack surface. In 2019, MuddyWater developed malicious files against Android platforms, heading towards mobile devices. Google’s Project Zero team revealed five exploit chains deployed in the wild to attack iOS systems and noted that these exploit chains, relying on 0-day vulnerabilities, could be easily used by APT groups to target multiple iOS versions.


Botnet Trend Report 2019-13

October 5, 2020

Mirai

At present, Mirai is among the biggest IoT botnet families, with the most variants, the most infected devices, and the most extensive impact. In 2019, NSFOCUS Security Labs captured 10,635 Mirai samples in total (excluding the repetitive malware arising from cross compilation), identified 1,660 C&C addresses, and detected more than 40 exploits.


Botnet Trend Report 2019-12

September 28, 2020

This chapter describes active botnet families that NSFOCUS Security Labs has tracked over the long term, along with other families it has newly captured, from the perspectives of their background, activity, and association with other families.

Botnet Families

  • GoBrut

Malware in the GoBrut family, written in Go, made its debut in early 2019, in a bid to detect services on a target website and obtain the login user name and password via brute force attacks. The GoBrut family emerged during an epoch characterized by poor security of website management frameworks (like Magento, WordPress, and Drupal) and ubiquitous weak passwords. After obtaining the user name and password of the target website, the attacker can log in to the website to gain shell privileges for further malicious operations.


Botnet Trend Report 2019-11

September 21, 2020

Overview

Overall, malware on mobile platforms, though evolving in the same way as that on PCs, has a complex composition.

In 2019, ad apps still dominated the list of malware threatening the security of Android users. Potentially dangerous software involving sensitive operations also made up a large proportion. Agent programs launching attacks via remote code execution, thanks to the inherent nature of Android, were another type of mobile threat at the top of the list. In addition, it became quite common to use droppers or downloaders to drop malicious payloads, but the scale is yet to be as large as on PCs. High-risk threats, such as spyware, banking Trojans, and ransomware, were small in number, but most of them had been around for some time and some even for years.


Botnet Trend Report 2019-10

September 14, 2020

Adware

For many years, large grey software supply chains on the Internet have been showing their own prowess for self-promotion. A specific piece of software is often bundled with unnecessary software, even malware, during the download and installation.


Botnet Trend Report 2019-9

September 7, 2020

Overview

In 2019, banking Trojans frequently launched attacks via the multilevel free technology, posing a severe threat to enterprises and public sectors. Spam was still the main propagation method. Attackers collected a great number of email addresses against which they launched phishing attacks. In 2019, NSFOCUS Security Labs captured and tracked such banking Trojans as Emotet, TrickBot, LokiBot, Gozi, and QakBot.


Botnet Trend Report 2019-8

August 31, 2020

The first nine months of 2019 saw a sharp rise in the market prices of cryptocurrencies dominated by Bitcoin. Despite a fall in the fourth quarter, the prices remained high. Meanwhile, cryptojacking malware became active with the rise of cryptocurrency prices.


Botnet Trend Report 2019-7

August 24, 2020

In 2019, ransomware was still a major type of threat that haunted people around the world. As an infamous botnet family, GandCrab generated more than USD 2 billion in ransom payments, stimulating the rapid increase of other ransomware.
