The United States is the largest source of botnet command and control (C&C) traffic in the world, accounting for around 20% of the global total, according to Level 3 Communications.
The telecoms giant revealed in its Safeguarding the Internet botnet research report that of the 1000 C&C servers it tracked in the first quarter of the year, over 600 were being used for malicious comms targeting corporate players.
The US came out on top thanks to its relatively advanced internet infrastructure and “proximity to valuable targets at home and abroad,” the report claimed.
Ukraine came just behind, with Russia in third place, while the Netherlands was the surprise frontrunner in continental Europe.
The latter’s “robust” infrastructure and location make it an ideal place to base attacks, Level 3 claimed.
It added:
“Unusual communications to these countries should be automatic red flags for IT and security organizations. A review of whether servers should be communicating, authenticating or transferring data with endpoints in certain high-risk countries can be a predictor of potential threats to your environment or an indicator of a potential compromise.”
Surprisingly, Norway came out as the country on the receiving end of most attacks – accounting for 22% compared to just 2% for the UK.
The United States and Spain rounded out the top three.
However, in terms of the number of actual victims – or unique IP addresses – China was worst hit (532,000), followed by the US (528,000) and then Norway (213,000).
Level 3 Communications said that the average number of hosts per C&C is 1700, although the volume of victims per C&C declined over the quarter from a high of 3763 in January to just 338 by March.
According to the report, prices for botnet hire in the US have risen from around $20 in 2013 to a staggering $190 per month today, with almost a quarter of botnets used for more than one function.