Botnets live long and prosper, despite cyber security efforts

Increased cyber-vigilance failing to reduce operating life of botnet servers


The length of time a botnet command and control server is online has remained constant over the past six months, despite increased awareness of this type of threat.

Research by ISP Level 3 Communications found that during the first quarter of 2015 C&C servers survived an average of 38 days on the internet before being taken offline - a figure that has remained constant since Q4 2014.

Advertisement - Article continues below

Perhaps more worryingly, the server going offline can be as much a byproduct of the server owner upgrading software or patching vulnerabilities as malware discovery and removal.

However, the average number of victims per C&C server fell dramatically over the quarter, from 3,763 in January to 338 in March.

Level 3 said this can be attributed both to general "vigilance on behalf of the security community" and, while no one action is mentioned by the company, it is worth noting the precipitous drop in numbers follows almost immediately in the wake of the Ramnit botnet, which had infected 3.2 million computers, being taken offline by Europol's European Cybercrime Centre (EC3) in late February.

Cyber crime economics

Despite big takedowns like Ramnit, the economics of cyber crime still work in the favour of malicious actors. Last year, Dell Secureworks found the cost of renting a 1,000-server UK-based botnet was $120 per month, an increase of 600 per cent from 2013 and a lucrative deal for the botnet owners.

Advertisement - Article continues below
Advertisement - Article continues below

Level 3 Communications also found that 22 per cent of C&C servers have more than one threat purpose.

"Most likely, many of these botnets are commercial in nature, and they are part of a diversified business," said Level 3. "For example, they may serve multiple, for-profit purposes, such as malware distribution, DDoS attacking and phishing services."

"Botnet operation is a lucrative business, with a simple setup. Operational costs to create, maintain and move a botnet, once shut down, are low. Blocked botnets can come back online often within hours of being shut down," the company added.

This doesn't mean those renting the infrastructure get a raw deal, though.

In its 2015 Global Security Report, security firm Trustwave found attackers' estimated ROI for exploit kit and ransomware schemes, the "vast bulk" of which is distributed by a botnet, was over 1,400 per cent.

Featured Resources

The case for a marketing content hub

Transform your digital marketing to deliver customer expectations

Download now

Fast, flexible and compliant e-signatures for global businesses

Be at the forefront of digital transformation with electronic signatures

Download now

Why CEOS should care about the move to SAP S/4HANA

And how they can accelerate business value

Download now

IT faces new security challenges in the wake of COVID-19

Beat the crisis by learning how to secure your network

Download now



K2View innovates in data management with new encryption patent

28 May 2020
video conferencing

Zoom 5.0 adds 256-bit encryption to address security concerns

23 Apr 2020

WhatsApp flaw leaves users open to 'shoulder surfing' attacks

21 Apr 2020
cyber security

Microsoft AI can detect security flaws with 99% accuracy

20 Apr 2020

Most Popular

network attached storage (NAS)

Western Digital accused of sneaking inferior SMR tech into NAS drives

1 Jun 2020
data breaches

EasyJet faces class-action lawsuit over data breach

26 May 2020
Microsoft Windows

Microsoft warns users not to install Windows 10's May update

28 May 2020