Line 33: |
Line 33: |
| | | |
| * [[Spamhaus]]'s 2021 Q2 Report<ref>[https://www.spamhaus.org/news/article/813/spamhaus-botnet-threat-update-q2-2021 Botnet Update,Spamhaus]</ref> <br/> | | * [[Spamhaus]]'s 2021 Q2 Report<ref>[https://www.spamhaus.org/news/article/813/spamhaus-botnet-threat-update-q2-2021 Botnet Update,Spamhaus]</ref> <br/> |
− | This report focused on [[Botnet Attacks|botnet]] [[Command and Control]] activity and compared the findings from Q1 with Q2. | + | This report focused on [[Botnet Attacks|botnet]] [[Command and Control]] activity and compared the findings from Q1 with Q2. Key figures: |
− | :*Key figures:
| |
| # A 594% increase of newly registered botnet C&C domains at [[NameSilo]]! This sudden uptick knocked [[Namecheap]] out of first place. | | # A 594% increase of newly registered botnet C&C domains at [[NameSilo]]! This sudden uptick knocked [[Namecheap]] out of first place. |
| # Working with the [[FBI]], Spamhaus discovered 1.3 million compromised email accounts; 22,000 compromised domains; and 3,000 compromised networks. | | # Working with the [[FBI]], Spamhaus discovered 1.3 million compromised email accounts; 22,000 compromised domains; and 3,000 compromised networks. |
| + | # The three hosting providers with the largest abuse problems and/or worst [[DNS Abuse responses|responses]] to abuse reports are [[Ipjetable]], [[Google]], and [[Microsoft]]. <br/> |
| + | Other significant Spamhaus findings: |
| + | {| class="wikitable" |
| + | ! Top 20 Most Commonly Used Malware Families (ranked) !! Function !! Most Commonly Attacked TLDs (ranked) !! Top 20 Geo-Locations of C&C Botnet Servers (ranked) |
| + | |- |
| + | | Raccoon || dropper || [[.com]] || U.S. |
| + | |- |
| + | | RedLine || RAT || [[.xyz]] || Russia |
| + | |- |
| + | | AsyncRAT || Credential Stealer || [[.buzz]] || Netherlands |
| + | |- |
| + | | Loki || RAT || [[.top]] || Germany |
| + | |- |
| + | | Gozi || RAT || [[.br]] || France |
| + | |- |
| + | | BitRAT || Credential Stealer || [[.vip]] || Latvia |
| + | |- |
| + | | Oski || RAT || [[.org]] || U.K. |
| + | |- |
| + | | VjWOrm || Credential Stealer || [[.ru]] || Ukraine |
| + | |- |
| + | | NjRAT || Credential Stealer || [[.net]] || Switzerland |
| + | |- |
| + | | RemcosRAT || e-banking Trojan || [[.cloud]] || Seychelles |
| + | |- |
| + | | NanoCore || RAT || [[.tk]] || Czech Republic |
| + | |- |
| + | | AgentTesla || RAT || [[.cn]] || Moldova |
| + | |- |
| + | | Tofsee || RAT || [[.eu]] || Panama |
| + | |- |
| + | | Arkei || RAT || [[.ga]] || Canada |
| + | |- |
| + | | STRRAT || credential Stealer || [[.ml]] || Malaysia |
| + | |- |
| + | | CryptoBot || credential Stealer || [[.online]] || Poland |
| + | |- |
| + | | CobaltStrike || RAT || [[.live]] || Finland |
| + | |- |
| + | | ServeHelper || credential Stealer || [[.su]] || Vietnam |
| + | |- |
| + | | IcedID || dropper || [[.info]] || Turkey |
| + | |- |
| + | | QuasarRAT || dropper || [[.cf]] || Brazil |
| + | |} |
| | | |
| ==Organizations== | | ==Organizations== |
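Review bot: The Function column in the added wikitable looks misaligned with the family column. AsyncRAT, BitRAT, NjRAT and STRRAT are labelled as credential stealers, RemcosRAT as "e-banking Trojan" and QuasarRAT as "dropper", so none of the families with RAT in its name carries the RAT label, while several others do. Please recheck each function against the cited Spamhaus report before this is saved. The table also sets three independent rankings side by side, so a row such as "Raccoon || dropper || [[.com]] || U.S." reads as if the family, the TLD and the country were related; separate tables, or a leading rank column with a sentence saying the columns are unrelated, would avoid that. Minor points: capitalisation varies between "Credential Stealer", "credential Stealer" and "dropper", "VjWOrm" looks like a casing typo, and the new item about hosting providers ends with a stray `<br/>` and has no reference of its own.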