Security researchers have discovered a significant increase in global botnet activity between December 2023 and the first week of January 2024, with spikes observed exceeding one million devices.
Writing in an advisory published on Friday, Netscout ASERT explained that, on a typical day, approximately 10,000 such devices engaged in malicious reconnaissance scanning last year, with a high watermark of 20,000 devices.
On December 8, 2023, this number surged to 35,144 devices, signaling a notable departure from the norm.
According to the technical write-up, the situation escalated on December 20, with another spike reaching 43,194 distinct devices.
Subsequent spikes, occurring in shorter intervals, culminated in a record-breaking surge on December 29, involving a staggering 143,957 devices, nearly ten times the usual levels.
Disturbingly, this heightened activity persisted, with high watermarks fluctuating between 50,000 and 100,000 devices.
As the new year unfolded, the scale of the threat became even more pronounced, with January 5 and 6 witnessing spikes exceeding one million distinct devices each day: 1,294,416 and 1,134,999, respectively.
A subsequent spike of 192,916 on January 8 affirmed the sustained intensity of this cyber onslaught.
Further analysis revealed that this surge emanated from five key countries: the United States, China, Vietnam, Taiwan and Russia.
Adversaries utilizing these new botnets focused on scanning global internet ports, particularly ports 80, 443, 3389, 5060, 6881, 8000, 8080, 8081, 808 and 8888.
Signs of potential email server exploits surfaced through increased scanning of ports 636, 993 and 6002.
This article was published on www.infosecurity-magazine.com. Publication date: Mon, 15 Jan 2024 17:20:17 +0000