DDoS-Capable Botnets

As 2023 came to a close, there was a notable increase in the spread of DDoS-capable botnet nodes, similar to the proliferation of pathogens.

The count of DDoS-capable botnet nodes reached 711,757, marking a 17 percent rise over the first half of the year. These nodes, resembling virulent strains, have been instrumental in initiating direct-path assaults against enterprises globally. Persistent groups such as Anonymous Sudan, Killnet, and NoName057(16), analogous to resilient bacteria, remain active. They continuously enhance their arsenal, employing malware families such as Mirai, manipulating open proxy servers, co-opting public cloud infrastructure as if turning the body’s own cells against it, and utilizing bulletproof hosting providers. These tactics are akin to pathogens hiding within the body to evade detection, all while striving to overpower enterprise defenses.


Bots targeted the enterprise
Security-related events
Average packets per bot node

Service Provider

Bots targeted the enterprise
Security-related events
Number of vectors in top bot-sourced attack

Active DDoS Botnet Nodes