Botnet scanning surge fueled by free cloud service exploitation

SecurityWeek reports that reconnaissance scanning was conducted by almost 1.3 million IP addresses on Jan. 6, representing a substantial surge in botnet scanning from the 43,000 devices and more than 35,000 devices observed on Dec. 20 and Dec. 8, respectively, which were significantly higher than the average 10,000 to 20,000 devices observed to conduct scans daily. Such a spike has been brought upon by the increasing prevalence of free or low-cost cloud and hosting servers that have been availed through free accounts and trials, a report from Netscout showed. The findings also showed that most of the IPs leveraged in botnet scanning were from the U.S., followed by China, Vietnam, Taiwan, and Russia, while HTTP-, HTTPS-, RDP-, and SIP-related ports were most targeted by the scans. "The unprecedented growth of malicious botnets in the cloud confirms that a dangerous new wave of cybercrime is underway. This battle is just beginning and the adversary is performing reconnaissance to uncover areas to exploit," said Netscout.