Comments
Number of Botnet Command & Control Servers Soared in 2019
RyanSepe,
User Rank: Ninja
1/30/2020 | 9:28:56 PM
Re: fraudulent
All too true. Still need resources to do so. It would be nice if AI matured to the point where we could have bots monitor the bad bots.
RyanSepe,
User Rank: Ninja
1/30/2020 | 9:27:42 PM
Re: Eastern companies
Agreed. Even if there were, question is would the penalty outweigh the reward to the point where it would cause a change in behavior?
RyanSepe,
User Rank: Ninja
1/30/2020 | 9:25:45 PM
Re: Cloudflare
That's the million dollar question. I've typically found that aspect to be performed quite rarely. The infrastructure is so expansive that without extensive resources it is difficult to police all that binary area.
RyanSepe,
User Rank: Ninja
1/30/2020 | 9:23:40 PM
Re: Credentials
Agreed. Passwords are the weakest form of authentication after all. That's why MFA needs to be employed wherever possible.
RyanSepe,
User Rank: Ninja
1/30/2020 | 9:22:45 PM
Re: Servers?
Keyphrase "supposed to". I would also say that this is more akin to servers should have "limited" access to the internet.

It's rare to see us do things we are supposed to do, in light of doing what's easier unfortunately.
Dr.T,
User Rank: Ninja
1/30/2020 | 6:52:45 PM
fraudulent
Finding the fraudulent registrations is often not that hard, but it needs to be done. Unless somebody checks what those bots are really doing it may not be that easy to find out if they are fraudulent or not.
Dr.T,
User Rank: Ninja
1/30/2020 | 6:51:12 PM
Eastern companies
At the same time many more eastern companies have fraudulent customers, signaling that abuse procedures and customer-vetting problems are more widespread there, and not limited to a handful of companies. This makes sense. There may not be enough regulations and enforcement in those regions.
Dr.T,
User Rank: Ninja
1/30/2020 | 6:48:05 PM
Cloudflare
Over 1,580 botnet servers in 2019, for instance, were hosted on Cloudflare alone -- more than double the 629 hosted by second-place Alibaba of China. Interesting. The question is if anybody checks what those bots are really doing.
Dr.T,
User Rank: Ninja
1/30/2020 | 6:45:26 PM
Credentials
Spamhaus detected in 2020 were associated with credential-stealing malware such as Lokibot and AZORult. This explains it. Once credentials are compromised there is not much anyone can do.
Dr.T,
User Rank: Ninja
1/30/2020 | 6:42:33 PM
Servers?
The number represented a big 71.5% jump over the 10,263 botnet C2 servers that Spamhaus detected and blocked in 2018, and a near doubling in number from the 9,500 servers in 2018. This is surprising. Servers are supposed to have no direct connections to the internet, so these bots could not be executed.