Today, none of us are immune to the impact of botnets on Internet-connected organizations. There is ample validation that monitoring the communications patterns between command-and-control servers and their intended victims is vital. We believe that taking a proactive approach to tracking botnet behavior can yield threat intelligence that is truly actionable. Botnets that are used for DDoS attacks are on the rise, but so are other types. This report examines the potential causes for the increase in these attack types, the profile of the victims by industry and geography, commonly-targeted ports and protocols, and several other botnet characteristics.

We take a closer look at botnets that are used specifically to deploy malware (such as the recently uncovered SSHPsychos and PoSeidon) to gain insights into complex threat models and protection options. These use cases serve to raise awareness of what organizations should expect from their network service providers, and highlight the need for greater levels of partnership and collaboration across the security community to safeguard the Internet more effectively.