StealthWatch Labs Intelligence Center (SLIC)

Threat Scope Maps (past 24 hours)

The StealthWatch Labs Intelligence Center (SLIC) is Lancope’s research initiative which tracks emerging threat information from around the world.

Map legend (share of observed activity per country): >20%, >10%, >5%, >1%, >0.5%, >0%

Top Botnet Command & Control Sources
 

1 United States 24%
2 China 9%
3 South Korea 9%
4 Russia 8%
5 Germany 7%
6 United Kingdom 6%
7 Europe 3%
8 Brazil 2%
9 France 2%
10 Canada 2%

About C&C Activity Map
 

This map shows the locations of active botnet command and control servers currently being tracked by the StealthWatch Labs Intelligence Center (SLIC).

Botnet operators use networks of command and control servers located throughout the world to manage malicious software that they have installed on victim computers. They obtain access to these servers in several different ways:

  • Breaking into legitimate Internet hosts and taking them over.
  • Purchasing hosting services from legitimate providers.
  • Purchasing hosting services from sympathetic crimeware hosting services.

Any computer that attempts to communicate with a botnet command and control server is likely to have been infected with malware.

Top Internet Scanning Countries
 

1 China 63%
2 United States 3%
3 India 3%
4 South Korea 2%
5 Russia 1%
6 Taiwan 1%
7 Japan 1%
8 Colombia 1%
9 Brazil 1%
10 Hong Kong 1%

Top Scanned Ports
 

1 TCP 23 10%
2 TCP 22 10%
3 TCP 1433 6%
4 TCP 80 5%
5 TCP 443 5%
6 UDP 53 5%
7 TCP 8080 4%
8 TCP 3389 4%
9 TCP 0 4%
10 UDP 19 2%

About Internet Scanning Activity Map
 

This map shows sources of Internet scanning activity that Lancope is currently observing.

Attackers regularly scan the Internet in search of hosts running a variety of different services. Hosts that respond to these scans are often targeted with password brute force attacks or other exploit activity. Some scans are also performed by legitimate Internet security researchers who are attempting to document the global prevalence of certain services and vulnerabilities.

Worm propagation can also impact these results, as worms will access random Internet address ranges as they search for vulnerable hosts to infect.

Top DDoS Victims
 

1 China 19%
2 Taiwan 17%
3 South Korea 12%
4 United States 10%
5 Japan 6%
6 France 5%
7 Thailand 2%
8 Germany 2%
9 Hong Kong 2%
10 Russia 2%

About Backscatter (DDoS Victims) Map
 

This map shows sources of Backscatter activity on the Internet. Most of the systems represented on this map are the victims of Distributed Denial of Service Attacks.

When attackers launch certain kinds of Denial of Service attacks, they send large numbers of spoofed packets toward the victim, each with a randomly chosen source address. The victim will reply to a certain percentage of these spoofed packets, and those replies go to the spoofed addresses rather than to the attacker.

StealthWatch Labs monitors part of the Internet for these unsolicited replies to requests that the monitored addresses never sent. This monitoring operation is known as a Darknet.
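
The sketch below is an added example, not Lancope's code: it shows how packets arriving at a darknet can be separated into backscatter (replies from DDoS victims) and scanning (unsolicited probes) by looking at the packet type. The record format, the function names, the `min_packets` threshold and the sample packets (documentation address ranges) are all assumptions constructed for illustration.

```python
from collections import Counter

# TCP flag bits
SYN, RST, ACK = 0x02, 0x04, 0x10

# ICMP types that are only ever sent in response to something:
# 0 = echo reply, 3 = destination unreachable, 11 = time exceeded
ICMP_RESPONSE_TYPES = {0, 3, 11}

def classify(pkt):
    """Label one darknet packet as 'backscatter', 'scan' or 'other'."""
    if pkt["proto"] == "tcp":
        flags = pkt["flags"]
        # SYN-ACK or RST answers a connection attempt the darknet never made
        if flags & RST or (flags & SYN and flags & ACK):
            return "backscatter"
        if flags & SYN:  # bare SYN: someone probing for an open port
            return "scan"
    elif pkt["proto"] == "icmp":
        if pkt["icmp_type"] in ICMP_RESPONSE_TYPES:
            return "backscatter"
        if pkt["icmp_type"] == 8:  # echo request: ping sweep
            return "scan"
    return "other"

def summarize(packets):
    """Count packets per class."""
    return Counter(classify(p) for p in packets)

def likely_victims(packets, min_packets=2):
    """Sources of backscatter are the attacked hosts; rank them by volume."""
    counts = Counter(p["src"] for p in packets if classify(p) == "backscatter")
    return [(ip, n) for ip, n in counts.most_common() if n >= min_packets]

# Constructed sample capture (not real observations)
SAMPLE = [
    {"src": "203.0.113.10", "proto": "tcp", "flags": SYN | ACK},
    {"src": "203.0.113.10", "proto": "tcp", "flags": RST | ACK},
    {"src": "203.0.113.10", "proto": "tcp", "flags": SYN | ACK},
    {"src": "198.51.100.7", "proto": "tcp", "flags": SYN},
    {"src": "198.51.100.7", "proto": "tcp", "flags": SYN},
    {"src": "192.0.2.44", "proto": "icmp", "icmp_type": 3},
    {"src": "192.0.2.44", "proto": "icmp", "icmp_type": 0},
    {"src": "198.51.100.99", "proto": "icmp", "icmp_type": 8},
    {"src": "192.0.2.200", "proto": "tcp", "flags": RST},
]

if __name__ == "__main__":
    print(dict(summarize(SAMPLE)))
    print(likely_victims(SAMPLE))
```

The single RST from 192.0.2.200 is counted as backscatter but falls below the threshold, which keeps one-off stray replies out of the victim list.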