US home to majority of world’s botnet servers

IT security teams may be surprised to learn that the majority of the world's botnets are hosted in the U.S.

The United States has long been at the forefront of defending against cybercrime, but a new report suggests that a surprising number of threats have domestic roots. According to The Next Web, security researchers have found that the country hosts more botnet command and control servers than any other nation in the world.

With 631 command and control (C&C) servers residing within U.S. borders, the country hosts more than twice as many of these rogue systems as the nearest runner-up, the British Virgin Islands, with 237. This finding runs counter to the U.S. government’s long-held assumption that the scourge of cybercrime is rooted primarily in Eastern Europe, Russia and China. In fact, the latter two countries together account for only 173 identified C&C servers.

According to CNET, industry veterans are stressing that this is only one static snapshot of intelligence in a rapidly evolving threat environment. Botnet operators are also known to disguise the location of their command centers, so the country in which a C&C server is hosted says little about where the people operating it actually are. Nevertheless, it stands to reason that this infrastructure will concentrate in more developed nations, which offer robust hosting and network capacity along with a wider pool of potential targets.

An evolving threat vector
Botnets have traditionally been regarded as a highly distributed but comparatively low-impact attack mechanism. By roping millions of unsuspecting computers into massive malware execution and distribution networks, cybercriminals have been able to quietly amass significant paydays by siphoning fractions of a penny at a time. This threat vector has grown increasingly menacing, however, and C&C servers are now being used to direct those same machines in more serious distributed denial-of-service (DDoS) attacks.

According to Computerworld, security researchers recently tied a series of DDoS attacks targeting U.S. banks to a variety of “botnets for hire” rather than to the state-sponsored actors originally suspected.

“In an attempt to increase the volume of the attacks, hackers prefer web servers over personal computers,” security consultant Ronen Atias told the news source. “It makes perfect sense. These are generally stronger machines, with access to the high quality hoster’s networks and many of them can be easily accessed through a security loophole in one of the sites.”

Both consumers and business professionals should therefore be aware that their computer and network security fundamentals may now be a matter of financial or even national security. The full gamut of vulnerability scanning, application control and incident reporting practices should be kept diligently up to date, not only for operational sustainability but for the greater good as well.

Scott Cornell

When he’s not knee-deep in blogging and all things tech, Scott spends his free time playing ultimate Frisbee and watching foreign films. An expert in emerging tech trends, Scott always has his ear to the ground for breaking news related to IT security.