Botnets remain a persistent cyberthreat

CenturyLink tracked 104 million unique botnet targets per day in 2017

MONROE, La., April 17, 2018 – Businesses, governments and consumers should pay more attention to the risk posed by botnets, according to a new threat report released by CenturyLink, Inc. (NYSE: CTL).

In 2017, CenturyLink Threat Research Labs tracked an average of 195,000 threats per day impacting, on average, 104 million unique targets – from servers and computers to handheld or other internet-connected devices – due to the work of botnets.

“Botnets are one of the foundational tools bad actors rely on to steal sensitive data and launch DDoS attacks,” said Mike Benjamin, head of CenturyLink’s Threat Research Labs. “By analyzing global botnet attack trends and methods, we’re better able to anticipate and respond to emerging threats in defense of our own network and those of our customers.”

Read the CenturyLink 2018 Threat Report: https://lookbook.centurylink.com/threat-report

Top 10: Malicious Traffic by Country of Origin 2017

Top 5: Malicious Traffic by Country of Origin 2017

Go to all assets

Key Observations

Geographies with strong or rapidly growing IT networks and infrastructure continue to be the primary source for cybercriminal activity.

The top five countries by volume of global malicious internet traffic in 2017 were the United States, Russia, China, Brazil and Ukraine.
The top five countries hosting the most command and control servers (C2s), which amass and direct botnets, were the United States, Russia, Ukraine, China and Germany.

While countries and regions with robust communication infrastructure unknowingly supplied bandwidth for IoT DDoS attacks, they also represented some of the largest victims based on attack command volume.

The top five target countries of bot attack traffic were the United States, China, Germany, Russia and the United Kingdom.
The top five countries by volume of compromised hosts or bots were the United States, China, Brazil, the United Kingdom and Germany.

Mirai and its variants have been the focus of consistent news coverage, but in 2017, CenturyLink Threat Research Labs witnessed Gafgyt attacks affecting more victims and with noticeably longer attack durations.

Key Facts

CenturyLink collects 114 billion NetFlow records each day, capturing over 1.3 billion security events daily and monitoring 5,000 known C2 servers on an ongoing basis.
CenturyLink responds to and mitigates roughly 120 DDoS attacks per day and removes nearly 40 C2 networks per month.
The scope and depth of CenturyLink’s threat awareness is derived from its global IP backbone, one of the world’s largest. This critical infrastructure supports CenturyLink’s global operations and informs its comprehensive suite of security solutions, including threat detection, secure log monitoring, DDoS mitigation and network-based security solutions.

Additional Resources

Hear Mike Benjamin’s key takeaways from the CenturyLink 2018 Threat Report
Learn how CenturyLink takes cyber intelligence to the next level with expanded view of threatscape
Explore IDC’s report: Securing the Connected Enterprise Using Network-Based Security

About CenturyLink
CenturyLink (NYSE: CTL) is the second largest U.S. communications provider to global enterprise customers. With customers in more than 60 countries and an intense focus on the customer experience, CenturyLink strives to be the world’s best networking company by solving customers’ increased demand for reliable and secure connections. The company also serves as its customers’ trusted partner, helping them manage increased network and IT complexity and providing managed network and cyber security solutions that help protect their business.

Media Contact:
Stephanie Walkenshaw
+1 720-888-3084
[email protected]

Connect

#Botnets remain a persistent cyber threat according to @CenturyLink Tweet