Millions of Bots Sold Online, Indonesia Ranks Second in Botnet Infections

Distributed Denial of Service (DDoS) attacks orchestrated by zombie botnets have emerged as an alarming cybersecurity concern, significantly disrupting the operational integrity of corporate servers. In this landscape, botnets are increasingly being marketed alongside powerful DDoS tools, often wielded by malicious threat actors.

Within the depths of a Russian online forum, a mysterious figure known as 'unseenspy' has been peddling access to their private botnet, boasting a staggering tally of 1.3 million bots under their command. Notably, this botnet is most concentrated in India, with 219,211 bots, followed by Indonesia with 101,638 and Brazil with 99,019.

The 'unseenspy' threat actor offers access to this formidable botnet for a one-time fee of $2,000, sans bot updates. For an enhanced price of $3,000, buyers can access regularly updated bots. The static nature of these botnets raises significant concerns, given the immense havoc they could wreak upon a company's server infrastructure.

Figure 1: Breached forum post selling botnet access

Cyberdefenseinsight's relentless pursuit of 'unseenspy' has unveiled a recurring pattern of access sales, sometimes under different pseudonyms like 'kalibr_9999,' as observed on August 18, 2023. In August, it appeared that the threat actor was selling only three accesses. However, as of September 2023, two accesses have already been sold, leaving just one access to be marketed by the threat actor.

The true identity of the seller, whether an individual or part of a larger team, remains elusive. Nonetheless, the sale of such expansive botnets instills profound anxiety, considering the sheer quantity of bots at their disposal.

Indonesia, remarkably, ranks as the second most heavily impacted country, with over 100,000 compromised machines. Its position directly behind India underscores Indonesia's vulnerability to botnet infections, especially on publicly accessible servers.

This narrative underscores the critical need for proactive cybersecurity measures and heightened awareness, catering to readers ranging from novices to seasoned professionals.