CenturyLink tracked 104 million unique botnet targets per day in 2017
Businesses, governments and consumers should pay more attention to the risk posed by botnets, according to a new threat report released by CenturyLink.
In 2017, CenturyLink Threat Research Labs tracked an average of 195,000 threats per day that, due to the work of botnets, impacted an average of 104 million unique targets, ranging from servers and computers to handheld or other internet-connected devices.
“Botnets are one of the foundational tools bad actors rely on to steal sensitive data and launch DDoS attacks,” said Mike Benjamin, head of CenturyLink’s Threat Research Labs. “By analyzing global botnet attack trends and methods, we’re better able to anticipate and respond to emerging threats in defense of our own network and those of our customers.”
Read the CenturyLink 2018 Threat Report: http://lookbook.centurylink.com/threat-report.
Key Observations
- Geographies with strong or rapidly growing IT networks and infrastructure continue to be the primary source for cybercriminal activity.
- The top five Asia-Pacific countries by volume of global malicious internet traffic in 2017 were China, South Korea, Japan, India and Hong Kong.
- The top five Asia-Pacific countries hosting the most command and control servers (C2s), which amass and direct botnets, were China, South Korea, Japan, India and Hong Kong.
- While countries and regions with robust communication infrastructure unknowingly supplied bandwidth for IoT DDoS attacks, they also represented some of the largest victims based on attack command volume.
- The top five target countries of bot attack traffic were the United States, China, Germany, Russia and the United Kingdom.
- The top five Asia-Pacific countries by volume of compromised hosts or bots were China, India, Japan, Taiwan and South Korea.
- Mirai and its variants have been the focus of consistent news coverage, but in 2017, CenturyLink Threat Research Labs witnessed Gafgyt attacks affecting more victims and with noticeably longer attack durations.
Key Facts
- CenturyLink collects 114 billion NetFlow records each day, capturing over 1.3 billion security events daily and monitoring 5,000 known C2 servers on an ongoing basis.
- CenturyLink responds to and mitigates roughly 120 DDoS attacks per day and removes nearly 40 C2 networks per month.
- The scope and depth of CenturyLink’s threat awareness are derived from its global IP backbone, one of the world’s largest. This critical infrastructure supports CenturyLink’s global operations and informs its comprehensive suite of security solutions, including threat detection, secure log monitoring, DDoS mitigation and network-based security solutions.
About CenturyLink
CenturyLink (NYSE: CTL) is the second largest U.S. communications provider to global enterprise customers. With customers in more than 60 countries and an intense focus on the customer experience, CenturyLink strives to be the world’s best networking company by solving customers’ increased demand for reliable and secure connections. The company also serves as its customers’ trusted partner, helping them manage increased network and IT complexity and providing managed network and cyber security solutions that help protect their business.