Botnets: The uninvited guests that just won’t leave


Botnets have been in existence for nearly two decades. Yet despite being a longstanding and widely known threat, they still have the power to wreak havoc on an organization’s networks, and often do so successfully while evading detection. 

The majority of contemporary malware families have set up botnets for command and control (C2) connections. It stands to reason that the number of active botnets would grow in sync with the number of malware families and versions. When FortiGuard Labs researchers analyzed botnet activity during the first half of 2023, we saw there are more botnets currently active, inevitably increasing the chances that organizations will be impacted by this threat.

What’s more concerning, though, is that we observed an increase in dwell time: botnets are lingering on networks longer than ever before they are detected. This underscores that reducing response time is critical, because the longer organizations allow botnets to remain, the greater the damage and risk to the business.

Botnet activity and dwell time are on the rise

The number of active botnets grew in the first half of 2023, up 27% from the prior six-month period. We also saw a higher rate of botnet activity (+126%) among organizations when comparing those same periods. 

Botnets are like uninvited guests that just won’t leave.

The true eye-opener for botnet trends in the first half of this year is the sharp rise in the overall number of “active days”—the period between the start of a botnet’s activity and the termination of its C2 communications. In comparison to measurements made at the beginning of 2018, this reveals a more than 1,000x rise, demonstrating that botnets have become more tenacious in the last five years.

As botnets are quick to adapt and broaden the variety of devices they can automatically infiltrate and control—including some devices that traditionally haven’t been closely inspected, such as IoT—there are more vulnerabilities and exploits than ever that botnets can leverage.

Take back control from the botnets

Reducing response time is vital. The longer the dwell time, the more likely it is that botnets can impact a…
