Case Studies

Where bots call home

by Mark Rowe

Turkey, the subject of several attacks from hacktivist groups in 2015, had far and away the largest number of bots in EMEA. That’s according to a survey by Norton by Symantec, the IT security product firm, of which cities unwittingly played host to the most ‘zombies’, also known as ‘bot’-infected devices, such as PCs, Macs, smartphones, tablets and connected home devices, across Europe, the Middle East and Africa (EMEA) last year.

Remotely controlled by cybercriminals as part of a “botnet”, infected devices are used to carry out denial-of-service attacks (attacks which aim to take down a company’s website), send spam, perpetrate click-fraud (automated clicks on pay-per-click advertisements) and many other acts of cybercrime, often unknown to the device’s owner. Available for hire in online forums and on the dark web, the largest botnets can connect millions of internet-enabled devices in coordinated attacks. Fourth in the global rankings, Turkey made up 18.5 per cent of EMEA’s bot population and 4.5 per cent of the world’s.

The UK was the seventh most bot-infected country, when looking at total bot population. Metropolitan London homed the majority of those, with 19 per cent of the UK’s total. Milton Keynes, was the fourth most populous city for bots; Sheffield and Oxford ranked second and third.

Despite the number of missives from Nigerian princes about their finances, Nigeria ranked 94th for bot density with one bot for almost every 2.1 million internet users. African countries generally ranked fairly low for density of their bot populations among their internet users compared to their European and Middle Eastern counterparts, despite the comparatively smaller populations of internet users.

Nick Shaw, Vice President and General Manager, EMEA, Norton said: “The size of a bot population can depend on many factors, but markets and cities where there has been a recent uptick in high-speed, internet connected devices certainly creates new, lucrative sources of bandwidth for cybercriminals to compromise. But it’s not just infected PCs that are providing criminals with their robot army. We’ve recently seen criminals making increasing use of mobile and home connected devices, or the Internet of Things (IoT), and Macs to strengthen their botnet ranks.”

Russia, with the largest number of internet users in EMEA, had the ninth largest bot population, 37 per cent of which coming from Moscow. When comparing Russia’s bot population to its vast number of internet users it ranked 38th, with one bot for every 9060 people. Rome’s bot population was the third highest amongst EMEA cities. Its 2.8 per cent share of total EMEA bots helped secure Italy’s second place ranking for total bot population. Rome’s bot population was such that if counted as a country it would place 11th in the top most bot-infected countries. With 1,829 internet users for every unique infection, Italy ranked eighth in the bot density ranking.

Hungary lead the table for the density of its bot population but was third in EMEA’s country by country ranking for total bot population. Hungarian internet users had a one in 393 chance of using a device that is part of a botnet, presenting a higher risk than other countries. Budapest and Szeged played host to the lion’s share of the Hungarian bots with 30 per cent and 25 per cent of the country’s bots calling it their home. The bot populations of these individual cities also outrank a significant proportion of nations. Budapest and Szeged would rank 11th and 12th respectively if compared to entire countries’ bot populations.

The comparatively tiny principality of Monaco was second when reviewing bot density. Its significantly smaller internet connected populace meant that internet users in Monaco had approximately a one in 457 chance of using a ‘zombie’ device used by cybercriminals to launch attacks and spread spam.

Paul Wood, head of cybersecurity research at Symantec, added: “Where a bot resides isn’t indicative of where its controlling cybercriminal may live. Botnets are global in nature, and an infected device in Europe could contribute to an attack in Asia, controlled by a cybercriminal in North America. We’d probably have bots attacking from the Antarctic if there was more bandwidth there. Cybercriminals can either corral a botnet themselves, or hire one through specialised forums or networks. Rental can be priced by the hour, sheer volume and power of infected devices.”

Related News

  • Case Studies

    City contract

    by Mark Rowe

    Sumitomo Mitsui Banking Corporation Europe Limited (SMBCE) has chosen Wilson James as their new security supplier for manned guarding. The contact which…

  • Case Studies

    Top cyber threats

    by Mark Rowe

    Links within emails are perceived as posing the biggest cyber threat to UK businesses, according to a survey of 600 senior business…

Newsletter

Subscribe to our weekly newsletter to stay on top of security news and events.

© 2024 Professional Security Magazine. All rights reserved.

Website by MSEC Marketing