Cybercriminals Resume Operations In Q2 After Q1 Lull: Spamhaus

The first quarter of 2020 saw a decrease in the number of botnet Command & Controllers (C&Cs) tracked and listed by the Spamhaus research team, but in the second quarter they were back to levels typically seen in 2019.

In the first quarter, the monthly average of new botnet C&Cs detected by Spamhaus was 671, but this jumped to 1,186 in the second quarter. In the second quarter of 2020, Spamhaus Malware Labs identified 3,559 new botnet Command & Control servers (C&Cs).

The first quarter saw a 57% decrease in newly observed botnet C&Cs over the fourth quarter of 2019, which was extremely positive. But this swung back the other with a 77% increase in the second quarter. Out of this total number, 2,701 were under the direct control of miscreants i.e., as a result of a fraudulent sign-up.

Spamhaus Malware Labs has also identified that, over the past few months, botnet C&Cs appear to be staying active for an increased duration i.e., taking longer for them to be shutdown.

There was an uptick in where the botnet C&Cs were hosted, every country that is except China. The United States remained number one with 896 botnet C&Cs for the quarter, increasing 7 percent in the quarter, while Russia was second with 812, increasing by a third (32%) while the Netherlands, which was third, saw a massive jump of 61 percent to 337. Germany was fourth, increasing 7 percent to 185, Singapore more than doubled (up 157%) to 131 while France was the only other country to hit three figures with 108, up by a third (35%).

The most abused top-level domain remained .com with 5,059 domain names, up 54 percent for the quarter. Second was .top, up 530 percent to 617 and .gp (Guadeloupe) was up 316 percent to 453.

When it comes to domain name registrars, Namecheap was way out in front with the most abusive domain names, totalling 763, which was up 22 percent for the quarter. Enom, which was a new entry on the top 20 chart had 419 abusive domain names registered by customers and NameSile third with 304, up 90 percent. All three are based in the United States.

For more information on Spamhaus’ 2020 Q2 Botnet Threat Report and to download the report [pdf] in full, go to https://www.spamhaus.org/news/article/800/spamhaus-botnet-threat-update-q2-2020

Leave a Reply

Your email address will not be published. Required fields are marked *