A year on from the Mirai botnet’s first major attack – which brought much of the internet to a standstill – Norton by Symantec, the cyber security company, reveals how the global botnet has grown and which countries and cities unwittingly played host to the greatest number of bot infections. 6.7 million more bots joined the global botnet in 2016, and Europe made up nearly one-fifth (18.7%) of the world’s total bot population.
According to global research from Norton, the United Kingdom was Europe’s 11th highest source of bot infections, falling from 7th place in 2015. Metropolitan London housed the majority of the UK’s bot-infected (or “zombie”) devices with 34.4% of all British bots, while Manchester (18.95%) came second, with Maidenhead (5.55%) making an unlikely bid for fame as the 3rd most bot-infected city.
Madrid ranked as the most bot-populous city in all of Europe, with more bots in the city than the entirety of the United Kingdom.
Rome’s Holy See, the world’s smallest country, had the highest density of bots globally when comparing the number of infections to internet users.
Bots are internet-connected devices of any kind, such as laptops, phones, IoT devices and baby monitors, infected with malware that allows hackers to remotely take control of many devices at a time, typically without the device owner’s knowledge. Combined, these devices form powerful bot networks (botnets) that can spread malware, generate spam, and commit other types of crime and fraud online.
“More than 13.8 million people in the UK were victims of online crime in the past year, and bots and botnets are a key tool in the cyber attacker’s arsenal,” commented Candid Wueest, Norton Security Expert.
“It’s not just computers that are providing criminals with their robot army; in 2016, we saw cyber criminals making increasing use of smartphones and Internet of Things (IoT) devices to strengthen their botnet ranks. Servers also offer a much larger bandwidth capacity for a DDoS attack than traditional consumer PCs.”
In fact, IoT devices may be part of the uptick in global bot infections in 2016. During its peak last year, when the Mirai botnet (made up of almost half a million internet-connected devices such as IP cameras and home routers) was expanding rapidly, attacks on IoT devices were taking place every two minutes. Unbeknownst to the device owners, nearly a third (31%) of attacks originated from devices in Europe alone. The UK accounted for 2.7% of global IoT attacks in 2016, the 4th highest in Europe.
However, where a bot resides is not indicative of where its creator may live: an infected device in London, for example, could contribute to an attack in Asia and be controlled by a cybercriminal somewhere in the United States.
Europe’s notable ‘botspots’
Russia was home to the largest number of bots in all of Europe with 13.6% of Europe’s bot-infected devices residing there. However, with the largest internet-connected population in Europe, Russia’s ‘bot density’ is comparatively low. ‘Bot density’ or ‘bots per connected capita’ is a comparison between a country’s number of internet users and the volume of bot infections.
It aims to make it clear which countries have a higher rate of infection. With one bot for every 41 internet users, Russia was 31st in Europe and 94th in the world for ‘bot density’. This comparatively low infection rate may be influenced to some degree by the codes of conduct of Russia’s hacking community.
“Russians infecting Russians is considered a hacking faux pas,” commented Wueest. “There have been instances in the past of hackers being ‘doxxed’ or outed to police by the hacking community for the sin of infecting local computers. The number of bot infections isn’t typically representative of where cyber criminals live. Infection rates are typically lower in countries where users have better cyber-hygiene and hackers are often the most ‘hygienic’ or paranoid when it comes to their devices.”
Rome’s Holy See not only has the highest bot density in Europe, but globally as well. Its significantly smaller internet-connected populace meant that Vatican users had approximately a one in five chance of using a ‘zombie’ device used by cyber criminals to launch attacks and spread spam, topping the tables for Europe’s “bot density” ranking. The rest of Italy also proved rife with bot infections. With one in every ten European bots hailing from the country, Italy was the second most populous home for bots in all of Europe.
The cities of Madrid, Istanbul and Moscow had more bots in their cities than the vast majority of nations had in their entire countries. Madrid, with 4.64% of Europe’s bot population, Istanbul, with 4.62%, and Moscow, with 4.59%, had more bots than the Netherlands, the 8th most bot-infected country in Europe.
With 0.30% of the world’s bots calling Ireland home and 1.61% of Europe’s, it ranks 17th in Europe for its overall bot population.
Most of these bots were based in Dublin (79.35%), with Cork (5.98%) and Galway (3.12%) coming in second and third. When comparing Ireland’s bot population with its general population, the country shot up in the rankings. With one bot for every 15 internet users, Ireland ranks 11th in the region and 26th in the world for bot density.
Svalbard had the lowest number of bots in the European region, whilst Turkmenistan had the lowest rate of infections per internet user with 754 internet users for every one bot.
Warning signs and tips to stay protected
A bot might cause a device to slow down, display mysterious messages, or even crash for no apparent reason. Consumers should run a full diagnostic if any warning signs appear.
To safeguard against malicious bots:
1. Install robust security software and firewalls to secure your device.
2. Never ignore system updates. Configure your software’s settings to update automatically to make the most of patches and fixes that vendors provide.
3. Never click on file attachments within emails or messages unless you can verify the source of the attachment is legitimate. Be particularly wary of Microsoft Office attachments that prompt users to enable macros.
4. Use a long and complex password that contains numbers and symbols and never use the same password for multiple services.
5. Enable advanced account security features, like two-factor authentication and login notification, if available.
6. Increase the security settings on your browser and devices.
7. Always log out of your session when done.