Botnet attacks up, with US among leaders in attacks, says Lumen

24 May 2021 | Alan Burkitt-Gray

Serbia, the US and China are the countries hosting the most DDoS command and control (C2) servers, according to the latest research from Lumen.

A new report, detailing distributed denial of service (DDoS) attacks, notes one of the largest attacks on record, with a size of 2Tbps.

There were 700 active C2s attacking 28,000 unique victims combined, says Lumen, which changed its name from CenturyLink in 2020.

“As organisations’ dependency on applications to generate revenue deepens, many are realizing they can no longer risk foregoing essential DDoS defences,” said Mike Benjamin, Lumen vice president of security and Black Lotus Labs.

He warned against emerging attacks on the internet of things (IoT). “As IoT DDoS botnets continue to evolve, Lumen is focused on leveraging our visibility to identify and disrupt malicious infrastructure.”

Of the more than 400 C2s globally that Lumen observed issuing attack commands, the country with the greatest number was the US, followed by the Netherlands and Germany, says the new report. Of the more than 160,000 global DDoS botnet hosts the company tracked, the greatest number are located in the US, with nearly 42,000 bots.

The longest DDoS attack period it mitigated for an individual customer lasted almost two weeks, says the company, and “nearly 60% of DDoS attack periods lasted less than one hour, but nearly 20% of DDoS attack periods lasted more than 24 hours”.

The top market sectors attacked were finance; software and technology; and government, said Lumen.

To create the report, the security team at Lumen looked at intelligence from Black Lotus Labs — the company’s threat research arm — and attack trends from the Lumen DDoS mitigation service platform, which integrates counter-measures directly into the company’s extensive and deeply peered global network.

Lumen tracked nearly 3,000 DDoS C2s globally in the first quarter. The most were hosted in Serbia (1,260), followed by the US (380) and China (373). Of the most active global C2s that Lumen observed issuing attack commands, the US had the most (163), followed by the Netherlands (73) and Germany (70). Lumen tracked more than 160,000 global DDoS botnet hosts. Nearly 42,000 were in the US — the most of any country.