Security researchers have observed a significant increase in global botnet activity during the period from December 2023 to the first week of January 2024 [1] [2]. This surge in malicious reconnaissance scanning has seen the number of devices involved rise from the usual range of 10,000-20,000 to peaks exceeding one million devices.


On December 8 and December 29, the number of devices engaged in malicious scanning reached 35,144 and 143,957, respectively, setting new records. This heightened activity continued into the new year [2], with daily spikes surpassing one million distinct devices on January 5 and 6 [2]. The surge originated from five key countries: the United States [1] [2], China [1] [2], Vietnam [1] [2], Taiwan [1] [2], and Russia [1] [2]. Adversaries took advantage of inexpensive or free cloud and hosting servers to establish botnet launch pads, with a specific focus on scanning global internet ports.


To combat these emerging botnet threats, organizations need robust DDoS protection measures. The increased botnet activity poses significant risks, and organizations must stay vigilant and proactive in safeguarding against these evolving threats.