Defenders of a Clean Internet

We proactively help protect the internet by taking down ~40 C2s per month.

OUR MISSION

The mission of Black Lotus Labs is to leverage our network visibility to both help protect customers and keep the internet clean.

Black Lotus Labs - Threat Intel

2/28/19
The Necurs botnet has a well-known and sordid history of criminal endeavors. Today, it is regarded as one of the most prolific spam and malware distribution botnets in existence.
1/31/19
Over the past year, CenturyLink Threat Research Labs has been tracking an IoT botnet called “TheMoon”. TheMoon is a modular botnet specifically targeting vulnerabilities in routers within broadband networks.
11/14/18
CenturyLink Threat Research Labs has been tracking the Mylobot botnet, a sophisticated malware family that is categorized as a downloader. What makes Mylobot dangerous is its ability to download and execute any type of payload after it infects a host.

OUR VISIBILITY

See More. Stop More.

~114B NetFlow sessions monitored daily

267+ new C2s discovered per month

~5,000 C2s monitored daily

THREAT REPORT

2018 CenturyLink Threat Report

Our 2018 report provides insights on global malicious traffic and victims by identifying C2s and the bots they control. Read more for further analysis on the evolution of IoT botnets.

Recent Articles

10/29/18
The Mirai malware began its life as a weapon in turf wars between feuding video game server operators. In the two years since it debuted, it has seen heavy adoption as a general DDoS attack platform around the world.
10/18/16
Level 3 Threat Research Labs has previously reported on a family of malware that exploits Internet of Things (IoT) devices to create distributed denial of service (DDoS) botnets. 
9/7/16
On August 13, a previously unknown organization named the “Shadow Brokers” released files claiming to be tools used by the hacking organization named the “Equation Group”. 
8/29/16
The rush to connect everything to the internet is leaving millions of everyday products vulnerable and ripe for abuse. We’ve seen internet connectivity added to appliances, athletic clothing, pill bottles and even forks.
2/25/16
It was worse than was thought, but a lot better than it could have been. This past Saturday, February the 20th, it was discovered that one of the most popular Linux desktop distributions had its installation image backdoored.
8/25/15
The faster those of us in the security and network operator space can detect a new attack vector, the faster we can come up with ways to slow or stall the growth of that method.
5/29/15
If you use a credit card to make purchases at your local retailer, gas station, restaurant or bar, it can be compromised – if it isn’t already.
4/8/15
The information security community’s ability to respond to threats and vulnerability discovery improves with each passing month. The collective reaction from the security community to a new file hash, new technique, or communication method has never been stronger.
11/1/14
The recent Bash vulnerability, known as Shellshock, provides an excellent opportunity to discuss security. Shellshock is somewhat unique as it was not a new type of bug nor did it require complex steps to remediate, despite its widespread impact.