Defenders of a Clean Internet

We proactively help protect the internet by taking down ~63 C2s per month.

OUR MISSION

The mission of Black Lotus Labs is to leverage our network visibility to both help protect customers and keep the internet clean.

OUR VISIBILITY

See More. Stop More.

~139B NetFlow sessions monitored daily

680+ new C2s discovered per month

~18,000 C2s monitored daily

THREAT REPORT

Read the 2019 CenturyLink Threat Report

Our threat research and operations arm, Black Lotus Labs, reveals the current state of the threat landscape with proprietary research into mass malware, such as the network-based behaviors of some of today’s most prevalent botnets: Mylobot, TheMoon, Necurs, Mirai/Satori and Emotet. 

Learn how threat actors use a variety of tactics, including DNS-based attacks, and gain actionable advice for how to best defend your network.

Recent Articles

9/5/19
Despite the ubiquity of DNS, too many security teams today do not adequately prioritize it as a focus for monitoring and mitigation of risk.
6/17/19
Over the past several years Emotet has established itself as a pervasive and continually evolving threat, morphing from a prominent banking trojan to a modular spam and malware-as-a-service botnet.
2/28/19
The Necurs botnet has a well-known and sordid history of criminal endeavors. Today, it is regarded as one of the most prolific spam and malware distribution botnets in existence. 
1/31/19
Over the past year, CenturyLink Threat Research Labs has been tracking an IoT botnet called “TheMoon”. TheMoon is a modular botnet specifically targeting vulnerabilities in routers within broadband networks.
11/14/18
CenturyLink Threat Research Labs has been tracking the Mylobot botnet, a sophisticated malware family that is categorized as a downloader. What makes Mylobot dangerous is its ability to download and execute any type of payload after it infects a host.
10/29/18
The Mirai malware began its life as a weapon in turf wars between feuding video game server operators. In the two years since it debuted, it has seen heavy adoption as a general DDoS attack platform around the world.
10/18/16
Level 3 Threat Research Labs has previously reported on a family of malware that exploits Internet of Things (IoT) devices to create distributed denial of service (DDoS) botnets. 
9/7/16
On August 13, a previously unknown organization named the “Shadow Brokers” released files claiming to be tools used by the hacking organization named the “Equation Group”. 
8/29/16
The rush to connect everything to the internet is leaving millions of everyday products vulnerable and ripe for abuse. We’ve seen internet connectivity added to appliances, athletic clothing, pill bottles and even forks.
2/25/16
It was worse than was thought, but a lot better than it could have been. This past Saturday, February the 20th, it was discovered that one of the most popular Linux desktop distributions had its installation image backdoored.
8/25/15
The faster those of us in the security and network operator space can detect a new attack vector, the faster we can come up with ways to slow or stall the growth of that method.
5/29/15
If you use a credit card to make purchases at your local retailer, gas station, restaurant or bar, it can be compromised – if it isn’t already.
4/8/15
The information security community’s ability to respond to threats and vulnerability discovery improves with each passing month. The collective reaction from the security community to a new file hash, new technique, or communication method has never been stronger.
11/1/14
The recent Bash vulnerability, known as Shellshock, provides an excellent opportunity to discuss security. Shellshock is somewhat unique as it was not a new type of bug nor did it require complex steps to remediate, despite its widespread impact.