Figure 27: Command & Control Servers for 2023
Finding two: coronation
As for the alleged competitors, Pikabot emerges as the current market leader according to our data. Congratulations, Pikabot!
Finding three: peaks and valleys
Sudden ebbs and rises in the data graphs may seem jagged at a glance, but most tend to have a logical explanation: we simply do not expect smooth progression from malware tracking due to the nature of collecting samples and indicators. As new versions of malware are pushed by the threat actors, detection on the defending side needs time to improve and develop, a process not represented by a smooth and gradual line.
For ‘commercial’ malware (i.e. advertised and distributed through underground forums and chatter, as opposed to kept within smaller teams), this effect is further intensified: more operators could potentially make use of the updated malware versions, resulting in higher detection counts (a sharper rise on the graphs) simply because more attacks are involved that will then get detected. Correlations between the developments we currently know of within the presented malware families and their detection numbers indicate a change-detection lag of ca. 3 weeks. For the collected samples (Figure 26), the peaks in May and November correlate neatly with Pikabot’s technical evolution steps and newly added features. Danabot upgraded to version 3 in July, moving the detection ticks upwards the next month.