Recent weeks have seen an exponential rise in malicious botnets performing reconnaissance scanning to scout out victims. According to researchers at cybersecurity firm Netscout, the number of potentially compromised devices rose from around 10,000 to roughly 144,000 over December, with no sign of the trend letting up.
“The trend continued into the new year, with the largest spikes occurring on January 5 and 6, eclipsing one million distinct devices. The levels reached an unprecedented 1,294,416 on the 5th,” reports Netscout.
The Netscout researchers say that this increased malicious scanning has been isolated to five key countries: the United States, China, Vietnam, Taiwan, and Russia. All have seen a rise in attackers using cheap or free cloud and hosting servers to create botnet launch pads.
“Analysis of the activity has uncovered a rise in the use of cheap or free cloud and hosting servers that attackers use to create botnet launch pads. These servers are used via trials, free accounts, or low-cost accounts, which provide anonymity and minimal overhead to maintain,” says Netscout.
Such industrial-scale constant scanning and scamming across the internet can only be the work of highly organized criminal groups and nation-states. Although the use of false flags in the form of human-seeming ‘bots’ to elicit information is already a well-used technique, Netscout believes that the current botnet boom may have more immediate and initially damaging consequences. Instead of merely selecting target individuals and organizations and spying on them, the current generation of botnets has been created solely to facilitate imminent cyber-attacks.
Adversaries hitting key ports
“These adversaries appear to be using these new botnets to scan the global internet. They are hitting key ports, likely to uncover vulnerabilities and attack lanes,” says Netscout.
With the Russian and Chinese economies facing unprecedented challenges, and with the expense of China’s massive arms budget escalating as it gears up to challenge Taiwanese independence, even the coffers of some once-cash-rich, potentially hostile states may soon need replenishing by any means necessary. It is already common knowledge amongst security services that North Korea’s highly aggressive missile development program has been largely funded by the proceeds of cybercrime carried out by government agents or cybercriminals working directly or indirectly for a militarist state.
Cybercrime conducted on a global scale has many potential advantages for rogue states. As well as generating large sums of virtually untraceable crypto-cash, it offers what politicians call “plausible deniability”. In the case of countries such as Russia, it is also genuinely difficult to distinguish between attacks by criminals who are nation-state-backed and those by criminals who are not.
According to Netscout: “The unprecedented growth of malicious botnets in the cloud confirms that a dangerous new wave of cybercrime is underway. This battle is just beginning, and the adversary is performing reconnaissance to uncover areas to exploit.”