CIRA Canadian Shield blocked 2.2 million DNS requests associated with 15 known botnets in Q3. The high volume of blocks was largely attributed to Sodinokibi/REvil, a sophisticated type of ransomware that was first identified by CIRA Canadian Shield in July 2021.
The other most common botnet blocked by Canadian Shield were Qsnatch, a backdoor malware tailored to attack storage hardware, and Simda, well-known malware and botnet, and Tinba, which is often used for financial fraud.
Canadian Shield also blocked Flubot Malware, a mobile spyware, which made its first appearance in September with 1,043 DNS requests blocked. Pykspa, a type of malware that spreads using Skype, also saw a higher volume in Q2 of 2021, as compared to the first six months of the year, with over 2,700 DNS requests blocked in September alone.