Botnets Continue to Pose Major Threat, CenturyLink Reports
CenturyLink called attention to botnets, saying it tracked an average 195,000 daily threats, affecting 104 million unique targets, from servers and computers to handheld and other devices. They "are one of the foundational tools bad actors rely on to steal sensitive data and launch DDoS [distributed denial of service] attacks," said Mike Benjamin, head of CenturyLink's Threat Research Labs, in a Tuesday release on a 2018 threat report. "The United States, Russia and China hold the lead as the three most common points of origin for malicious internet activities," followed by Brazil and Ukraine, the telco said. The U.S., China, Germany, Russia and the U.K. were the top five countries targeted in bot attacks, it said. "Scanning for vulnerable devices is the basis" for two common botnets, Mirai and a precursor Gafgyt (also called Bashlite, Lizkebab and Torlus), the report said: "Once vulnerable devices are identified, they are instructed to connect to a download server to install the malware. They then may be instructed to port scan for vulnerable devices or use external scanners to find and harvest new potential bots. ... Mirai and Gafgyt have been tied to DDoS attacks against gaming servers and the botnet owner’s perceived rivals.