Security researchers have observed a substantial increase in global botnet activity between December 2023 and the first week of January 2024, with spikes exceeding one million devices. The surge, deviating significantly from typical patterns, indicates a rise in the use of cheap or free cloud and hosting servers by attackers to create botnet launch pads. These servers, often accessed through trials, free accounts, or low-cost accounts, offer anonymity and minimal overhead for maintenance. The intensified scanning of global internet ports, including ports 80, 443, 3389, 5060, 6881, 8000, 8080, 8081, 808, and 8888, suggests a new level of cloud-based threats to the global internet.
Further analysis reveals that the surge in botnet activity originated from key countries, namely the United States, China, Vietnam, Taiwan, and Russia. The attackers utilized these new botnets to scan global internet ports, focusing on ports 80, 443, 3389, 5060, 6881, 8000, 8080, 8081, 808, and 8888. Additionally, increased scanning of ports 636, 993, and 6002 indicated potential exploits targeting email servers. The consistently elevated levels of activity highlight a concerning trend in the weaponization of the cloud against the global internet. Combatting these new botnet threats necessitates powerful DDoS protection to safeguard against their impact.
The surge in botnet activity persisted into the new year, with spikes on January 5th and 6th exceeding one million distinct devices each day, reaching 1,294,416 and 1,134,999, respectively. A subsequent spike of 192,916 on January 8th affirmed the sustained intensity of this cyber onslaught. The overall threat landscape underscores the importance of proactive cybersecurity measures, especially robust DDoS protection, to mitigate the risks associated with the evolving tactics of attackers utilizing cloud-based infrastructure for large-scale malicious activities.
