The infrastructure of cybercrime continues its impressive (or depressing) growth:
[…] The Spamhaus Project, which tracks both the domain names and the IP addresses used by threat actors for hosting botnet command-and-control servers (C2), identified 17,602 such servers hosted on a total of 1,210 different networks worldwide in 2019.
The number represented a big 71.5% jump over the 10,263 botnet C2 servers that Spamhaus detected and blocked in 2018, and a near doubling in number from the 9,500 servers in 2018. Botnet C2s, in fact, accounted for 41% of all the listings on Spamhaus’ block list in 2019, compared to just 15% in 2017 and 25% last year.
The sharp increase is an indication of the growing popularity of botnets as an attack vector among threat actors, Spamhaus said in a report this week. About 60% of the new botnet C2s that Spamhaus detected in 2020 were associated with credential-stealing malware such as Lokibot and AZORult. About 20% — the next highest proportion — were used to control data-stealing Remote Access Trojans (RATs), the most prolific of which was Nanocore.