StealthWatch Labs Intelligence Center (SLIC)

Threat Scope Maps (past 24 hours)

The StealthWatch Labs Intelligence Center (SLIC) is Lancope’s research initiative that tracks emerging threat information from around the world.

Map legend: >20%, >10%, >5%, >1%, >0.5%, >0%

Top Botnet Command & Control Sources
 

1 United States 22%
2 Russia 11%
3 South Korea 8%
4 China 8%
5 Germany 7%
6 United Kingdom 5%
7 France 2%
8 Europe 2%
9 Brazil 2%
10 Canada 2%

About C&C Activity Map
 

This map shows the locations of active botnet command and control servers currently being tracked by the StealthWatch Labs Intelligence Center (SLIC).

Botnet operators use networks of command and control servers located throughout the world to manage malicious software that they have installed on victim computers. They obtain access to these servers in several different ways:

  • Breaking into legitimate Internet hosts and taking them over.
  • Purchasing hosting services from legitimate providers.
  • Purchasing hosting services from sympathetic crimeware hosting providers.

Any computer that attempts to communicate with a botnet command and control server is likely to have been infected with malware.


Top Internet Scanning Countries
 

1 China 49%
2 South Korea 6%
3 India 5%
4 United States 4%
5 Japan 2%
6 Russia 2%
7 Taiwan 1%
8 Colombia 1%
9 Mexico 1%
10 Brazil 1%

Top Scanned Ports
 

1 TCP 22 14%
2 TCP 23 12%
3 TCP 5000 6%
4 UDP 53 6%
5 TCP 3389 5%
6 UDP 5060 3%
7 TCP 8080 3%
8 TCP 2967 3%
9 TCP 0 3%
10 TCP 80 3%

About Internet Scanning Activity Map
 

This map shows sources of Internet scanning activity that Lancope is currently observing.

Attackers regularly scan the Internet in search of hosts running a variety of different services. Hosts that respond to these scans are often targeted with password brute-force attacks or other exploit activity. Some scans are also performed by legitimate Internet security researchers who are attempting to document the global prevalence of certain services and vulnerabilities.

Worm propagation can also impact these results, as worms will access random Internet address ranges as they search for vulnerable hosts to infect.


Top DDoS Victims
 

1 United States 16%
2 Taiwan 15%
3 South Korea 14%
4 Japan 8%
5 China 6%
6 Thailand 5%
7 Vietnam 3%
8 France 3%
9 Germany 3%
10 Canada 2%

About Backscatter (DDoS Victims) Map
 

This map shows sources of Backscatter activity on the Internet. Most of the systems represented on this map are the victims of Distributed Denial of Service Attacks.

When attackers launch certain kinds of Denial of Service attacks, they send large numbers of spoofed packets toward the victim from randomly chosen source addresses. The victim will reply to a certain percentage of these spoofed packets, and each reply goes to the spoofed source address rather than to the attacker.

StealthWatch Labs monitors part of the Internet for these unsolicited replies to transactions that were never sent. This monitoring operation is known as a Darknet.
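
The sketch below is an added example, not Lancope's code: it shows how packets arriving at unused (Darknet) address space can be separated into backscatter and scanning, the two kinds of activity the maps above describe. The record fields, the classification rules (common heuristics, assumed here) and the sample capture are all constructed for illustration.

```python
from collections import Counter

SYN, RST, ACK = 0x02, 0x04, 0x10                 # TCP flag bits
ICMP_REPLIES = {0, 3, 4, 5, 11, 12, 14, 16, 18}  # reply/error types, never sent unprompted
ICMP_ECHO_REQUEST = 8

def classify(pkt):
    """Label one packet that arrived at unused (darknet) address space."""
    if pkt["proto"] == "tcp":
        flags = pkt["flags"]
        if flags & RST or (flags & SYN and flags & ACK):
            return "backscatter"   # answer to a connection the darknet never opened
        if flags & SYN:
            return "scan"          # unsolicited connection attempt
    elif pkt["proto"] == "icmp":
        if pkt["icmp_type"] in ICMP_REPLIES:
            return "backscatter"
        if pkt["icmp_type"] == ICMP_ECHO_REQUEST:
            return "scan"
    elif pkt["proto"] == "udp":
        return "scan"              # simplification: every UDP datagram counts as a probe
    return "other"

def summarize(packets):
    """Count backscatter per replying host (likely victim) and scans per port."""
    victims, ports = Counter(), Counter()
    for pkt in packets:
        label = classify(pkt)
        if label == "backscatter":
            victims[pkt["src"]] += 1
        elif label == "scan" and "dport" in pkt:
            ports[(pkt["proto"].upper(), pkt["dport"])] += 1
    return victims, ports

# Constructed sample capture; every address is from a documentation range.
SAMPLE = [
    {"proto": "tcp", "src": "203.0.113.10", "dst": "192.0.2.14", "dport": 40211, "flags": SYN | ACK},
    {"proto": "tcp", "src": "203.0.113.10", "dst": "192.0.2.91", "dport": 1729, "flags": SYN | ACK},
    {"proto": "tcp", "src": "203.0.113.10", "dst": "192.0.2.200", "dport": 5533, "flags": RST | ACK},
    {"proto": "icmp", "src": "203.0.113.77", "dst": "192.0.2.3", "icmp_type": 3},
    {"proto": "tcp", "src": "198.51.100.5", "dst": "192.0.2.1", "dport": 22, "flags": SYN},
    {"proto": "tcp", "src": "198.51.100.5", "dst": "192.0.2.2", "dport": 22, "flags": SYN},
    {"proto": "tcp", "src": "198.51.100.9", "dst": "192.0.2.8", "dport": 23, "flags": SYN},
    {"proto": "udp", "src": "198.51.100.9", "dst": "192.0.2.8", "dport": 53},
    {"proto": "icmp", "src": "198.51.100.9", "dst": "192.0.2.8", "icmp_type": 8},
    {"proto": "tcp", "src": "198.51.100.20", "dst": "192.0.2.8", "dport": 80, "flags": ACK},
]

if __name__ == "__main__":
    victims, ports = summarize(SAMPLE)
    print("likely DoS victims:", victims.most_common())
    print("scanned ports:", ports.most_common())
```

Hosts that appear in the backscatter count are the ones replying to spoofed traffic, which is why they are read as likely victims rather than as attackers.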