In 2017, the number of command and control (C&C) servers used for managing IoT botnets has more than doubled, going from 393 in 2016 to 943 in 2017.
The number is based on statistics provided by Spamhaus, an organization that aggregates data on abusive web hosts as part of several blacklists.
Botnets IP total grew by 32%
In a summary report for the past year, Spamhaus says it indexed over 9,500 new botnet C&C servers in 2017, a 32% increase from the previous year.
This number includes the IP addresses of C&C servers for botnets made up from many types of devices, not just IoT devices.
The 9,500+ figure also includes detections of C&C servers for all sorts of cybercrime activity, such as C&C servers used to control DD0S botnets, spam networks, banking trojans, or servers where crooks send data collected from phishing kits and infostealer malware.
Crooks preferred buying servers instead of hacking them
Of the 9,500 new botnet C&C servers that popped up in 2017, Spamhaus says that the vast majority —6,588 IP addresses, or 68% of the total— were IP addresses that linked back to individual servers that have been purchased from web hosting companies for the sole purpose of hosting malware operations.
The rest of the 9,500+ IPs Spamhaus indexed represent botnet C&C servers hosted on hacked servers. The proportion between bought and hacked servers used in malware and cybercrime operations remained the same as in 2016, according to the report.