CenturyLink® is sharing intelligence uncovered by Black Lotus Labs™ on the “Necurs” botnet, furthering the company’s commitment to helping protect the internet and user devices from malicious threats.

The mission of CenturyLink’s latest threat research and operations unit, Black Lotus Labs™, is to leverage its network visibility to help protect consumers by keeping the internet clean. Tracking and disrupting botnets is one of the ways the CenturyLink® division does this. Necurs, for one, is a malware and spam distribution botnet that has recently displayed a hiding technique for avoiding detection while quietly amassing even more bots.

Mike Benjamin, the leader of Black Lotus Labs™, said: “Necurs is the multitool of botnets, evolving from operating as a spam botnet delivering banking trojans and ransomware to developing a proxy service, as well as cryptomining and DDoS capabilities. What’s particularly interesting is Necurs’ regular cadence of going dark to avoid detection, reemerging to send new commands to infected hosts and then going dark again. This technique is one of the many reasons Necurs has been able to expand to more than half a million bots around the world.”

Key Takeaways from the Research

  • Beginning in May 2018, Black Lotus Labs observed regular, sustained downtime of about fourteen days, followed by roughly twenty-one days of activity, for the three most active groups of Necurs bots.
  • Necurs’ nearly 570,000 bots were dispersed globally, with roughly half of them located in five countries: Turkey, India, Indonesia, Iran and Vietnam.
  • The botnet uses a DGA (Domain Generation Algorithm) both to obfuscate its operations and to resist takedown. The technique is a two-edged sword, however: because the domains a DGA will produce can be computed in advance, researchers can sinkhole those domains and analyze DNS and network traffic to enumerate infected bots and C2 (command and control) infrastructure.
  • CenturyLink took measures to mitigate the risk the botnet poses to its customers and notified other network owners of potentially infected devices on their networks, to help protect the internet.
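The two-edged-sword point about DGAs is easiest to see in code. The following is an added example written for this page, not code from Black Lotus Labs, CenturyLink or the original article: a constructed DGA seeded by the date and a hard-coded constant (deliberately not Necurs’ real algorithm), the defender-side pre-computation of the domain set for a window of days, a matcher that runs predicted domains against resolver log lines to enumerate querying hosts and the domains that actually resolved, and a generator for Unbound-style sinkhole records. The seed, the log format, the client addresses and the sample log are all assumptions made for the example.

```python
"""DGA prediction and DNS-log matching: an illustrative, constructed example.

The DGA below is a stand-in seeded by the date and a hard-coded constant; that
dependence on predictable inputs is exactly what lets defenders pre-compute the
domains. It is NOT Necurs' real algorithm, and the seed, log format and
addresses are all assumptions made for this example.
"""
from __future__ import annotations

import datetime as dt
import hashlib
from collections import defaultdict

TLDS = ("com", "net", "biz", "info")
SEED = 0x5EED            # hypothetical constant "recovered" from a malware sample
DOMAINS_PER_DAY = 8      # hypothetical; real DGAs often emit far more per period
SAMPLE_START = dt.date(2019, 2, 20)


def dga_domains(day: dt.date, seed: int = SEED, count: int = DOMAINS_PER_DAY) -> list[str]:
    """Bot side: derive the day's candidate C2 domains from (seed, date, index)."""
    domains = []
    for i in range(count):
        digest = hashlib.sha256(f"{seed}:{day.isoformat()}:{i}".encode()).digest()
        length = 8 + digest[0] % 8                                  # 8..15 chars
        label = "".join(chr(ord("a") + b % 26) for b in digest[1:1 + length])
        domains.append(f"{label}.{TLDS[digest[-1] % len(TLDS)]}")
    return domains


def predict_window(start: dt.date, days: int, seed: int = SEED) -> dict[str, dt.date]:
    """Defender side: pre-compute every domain the bots will try in a window."""
    predicted: dict[str, dt.date] = {}
    for offset in range(days):
        day = start + dt.timedelta(days=offset)
        for domain in dga_domains(day, seed):
            predicted[domain] = day
    return predicted


def parse_dns_log(line: str) -> tuple[str, str, str, str]:
    """Parse a constructed 'timestamp client qname rcode answer' log line."""
    _ts, client, qname, rcode, answer = line.split()
    return client, qname.rstrip(".").lower(), rcode, answer


def enumerate_bots(log_lines, predicted):
    """Match DNS queries against predicted DGA domains.

    Returns (bots, c2): bots maps each querying client to the DGA domains it
    looked up (NXDOMAIN responses still count: the lookup itself is the tell);
    c2 holds (domain, address) pairs that actually resolved, i.e. candidate
    live C2 infrastructure worth sinkholing or blocking.
    """
    bots: dict[str, set[str]] = defaultdict(set)
    c2: set[tuple[str, str]] = set()
    for line in log_lines:
        client, qname, rcode, answer = parse_dns_log(line)
        if qname not in predicted:
            continue
        bots[client].add(qname)
        if rcode == "NOERROR" and answer != "-":
            c2.add((qname, answer))
    return dict(bots), c2


def sinkhole_records(predicted, sinkhole_ip: str) -> list[str]:
    """Emit Unbound-style local-data records steering predicted domains to a sinkhole."""
    return [f'local-data: "{domain}. A {sinkhole_ip}"' for domain in sorted(predicted)]


def build_sample_log(start: dt.date = SAMPLE_START) -> list[str]:
    """Constructed resolver log: two infected hosts and one benign host."""
    today = dga_domains(start)
    tomorrow = dga_domains(start + dt.timedelta(days=1))
    return [
        f"2019-02-20T00:00:01Z 10.0.0.5 {today[0]} NXDOMAIN -",
        f"2019-02-20T00:00:02Z 10.0.0.5 {today[1]} NXDOMAIN -",
        f"2019-02-20T00:00:03Z 10.0.0.5 {today[2]} NOERROR 198.51.100.7",
        f"2019-02-21T00:00:10Z 10.0.0.9 {tomorrow[3]} NXDOMAIN -",
        f"2019-02-21T00:00:11Z 10.0.0.22 www.example.com NOERROR 93.184.216.34",
    ]


if __name__ == "__main__":
    predicted = predict_window(SAMPLE_START, days=4)
    bots, c2 = enumerate_bots(build_sample_log(), predicted)
    print(f"{len(predicted)} predicted domains over 4 days")
    print("infected hosts:", sorted(bots))
    print("resolving (candidate C2):", sorted(c2))
    print("\n".join(sinkhole_records(predicted, "192.0.2.1")[:2]), "...")
```

Two design points matter in practice. First, a host is flagged on the query alone: most DGA lookups return NXDOMAIN because the operator only registers a handful of the generated names, so the failed lookups are the strongest signal of infection, while the few that resolve point at live C2. Second, because the domain set for a period is known in advance, a resolver operator can load the full predicted set into sinkhole records before the bots ever try them, which is what makes enumerating and disrupting a DGA-based botnet feasible.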

