Experts have warned malicious botnets are on the rise as researchers observe “massive spikes” in the activity of distinct, potentially compromised devices.
A report from the NETSCOUT ASERT team claims that at one point, a million devices were engaged in malicious reconnaissance scanning, a hundred times the usual levels.
Ports and servers
“This massive spike is evidence of increased botnet scanning activity, especially since levels have remained high since this time, with the high water marks of normally 20,000 now settling in the level of 50,000 - 100,000,” the researchers said. The trend continued into the new year, with spikes on January 5 and 6 exceeding a million devices.
The surge came from just five countries, the researchers further explained: The United States, China, Vietnam, Taiwan, and Russia. Threat actors were mostly using cheap, or free, cloud and hosting servers, to create botnet launch pads. “These servers are used via trials, free accounts, or low-cost accounts, which provide anonymity and minimal overhead to maintain,” they explained.
The botnets are used to scan the global internet via specific ports, in search of possible vulnerabilities. The ports are:
• 80
• 443
• 3389
• 5060
• 6881
• 8000
• 8080
• 8081
• 808
• 8888
• and others.
Threat actors could also be hunting for potential email server exploits, as they were also seen scanning ports 636, 993, and 6002, the researchers concluded.
More from TechRadar Pro
- Stealthy new botnet targets VPN devices and routers while staying disguised
- Here's a list of the best firewalls around today
- These are the best endpoint security tools right now