a leader in holistic hybrid security solutions, today released its 2018
Botnet report, which found that botnets in 2018 continued to use
distributed denial-of-service (DDoS) as their primary weapon to attack
high-speed networks. In the 2018 Botnet report, developed by
NSFOCUS Fuying Laboratory, a component of NSFOCUS Security Labs,
continuous monitoring and research of botnets discovered significant
changes taking place in the coding of malware used to create bots,
operations, and maintenance of botnets and IP Chain-Gangs.
Throughout 2018, NSFOCUS developed profiles on 82 IP Chain-Gangs, groups
of bots from multiple botnets acting in concert during specific
cyber-attack campaigns. Understanding botnets in general and IP
Chain-Gangs, in particular, helps improve defensive strategies and,
thus, the ability to better mitigate attacks.
Key findings in the 2018 Botnet report include:
NSFOCUS detected 111,472 attack instructions from botnet families that
were received by a total of 451,187 attack targets, an increase of
66.4 percent from last year.
The U.S. (47.2 percent) and China (39.78 percent) were the two
worst-hit countries when it came to botnet attacks.
Statistical analysis shows that gambling and porn websites were the
most targeted, suffering 29,161 (an average of 79 per day) DDoS
attacks throughout 2018.
Botnets were shifted from Windows platforms towards Linux and IoT
platforms, leading to the fast decline of older Windows-based families
and the thriving of new IoT-based ones.
As for platforms hosting Command and Control (C&C) servers, families
using IoT platforms, though smaller in quantity, were more active,
attracting 87 percent of attackers.
In 2018, a total of 35 active families were found to issue more than
100 botnet instructions, accounting for 24 percent of all known
families. Several families with the highest level of instruction
activity accounted for most of the malicious activities throughout 2018
“Security service providers need to adapt their strategies to better
mitigate the increasing threats posed by the new generation of botnets,”
said Richard Zhao, COO at NSFOCUS. “As defenders, we not only need to
enhance our capabilities of countering ransomware and cryptominers but
also need to improve the protections for IoT devices. While the total
number of IoT devices globally surges rapidly and IoT product lines are
increasingly diversified, IoT devices still have poor security. Insecure
firmware and communication protocols lead to numerous vulnerabilities in
To download a copy of the 2018 Botnet report, please visit https://nsfocusglobal.com/2018-botnet-trend-report/.
About NSFOCUS, Inc.
NSFOCUS, Inc., a global network and cyber security leader, protects
enterprises and carriers from advanced cyber attacks. The company’s
Intelligent Hybrid Security strategy utilizes both cloud and on-premises
security platforms, built on a foundation of real-time global threat
intelligence, to provide multi-layered, unified and dynamic protection
against advanced cyber attacks.
NSFOCUS works with Fortune Global 500 companies, including four of the
world’s five largest financial institutions, organizations in insurance,
retail, healthcare, critical infrastructure industries, as well as
government agencies. NSFOCUS has technology and channel
partners in more than 60 countries, and is a member of the Microsoft
Active Protections Program (MAPP), StopBadware.org, and the Cloud
Security Alliance (CSA).
A wholly-owned subsidiary of NSFOCUS Information Technology Co. Ltd.,
the company has operations in the Americas, Europe, the Middle East, and