Botnet activity surges as criminals get braver - can your business stand strong?

A computer being guarded by cybersecurity.
(Image credit: iStock)

Experts have warned malicious botnets are on the rise as researchers observe “massive spikes” in the activity of distinct, potentially compromised devices. 

A report from the NETSCOUT ASERT team claims that at one point, a million devices were engaged in malicious reconnaissance scanning, a hundred times the usual levels.

Usually, around 10,000 devices are engaged in the scanning daily, with the 20,000 figure being the high water mark. However, in early December 2023, the number spiked to 35,144. Two weeks later, on December 20, the figure rose even further, to 43,194. On other days, things returned to normal. Nine days later, however, the researchers observed the biggest spike yet seen, hitting 143,957 distinct devices.

Ports and servers

“This massive spike is evidence of increased botnet scanning activity, especially since levels have remained high since this time, with the high water marks of normally 20,000 now settling in the level of 50,000 - 100,000,” the researchers said. The trend continued into the new year, with spikes on January 5 and 6 exceeding a million devices. 

The surge came from just five countries, the researchers further explained: The United States, China, Vietnam, Taiwan, and Russia. Threat actors were mostly using cheap, or free, cloud and hosting servers, to create botnet launch pads. “These servers are used via trials, free accounts, or low-cost accounts, which provide anonymity and minimal overhead to maintain,” they explained.

The botnets are used to scan the global internet via specific ports, in search of possible vulnerabilities. The ports are: 

•    80
•    443
•    3389
•    5060
•    6881
•    8000
•    8080
•    8081
•    808
•    8888
•    and others.

Threat actors could also be hunting for potential email server exploits, as they were also seen scanning ports 636, 993, and 6002, the researchers concluded.

More from TechRadar Pro

TOPICS

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.