The botnet army: Tracker reveals the European 'botspots' powering global cyberattacks

A total of 6.7m bots joined the global botnet in 2016, claims cybersecurity firm Symantec.

Swarms of infected devices are a popular hacking tool, Symantec saidiStock

Swarms of internet-connected devices infected with malware have become a popular tool for hackers as their collective power can be used to launch cyberattacks.

Known as bot networks – or botnets – they typically include hijacked computers, smartphones or internet of things (IoT) devices which can be deployed at will to spread malware, generate spam and conduct distributed denial of service (DDoS) attacks.

This week (27 September), Symantec released an updated botnet tracker, sharing insight into where bots are lurking in the Europe, the Middle East and Africa (EMEA) region.

Advertisement

According to the firm, 6.7m bots joined the global botnet in 2016, and Europe made up nearly one-fifth (18.7%) of the world's total bot population.

The UK, Symantec said, was Europe's 11th highest source of bot infections, falling from 7th place in 2015.

The City of London boasted the majority of the UK's bot infected devices with 34.4% of all British bots located there at the time of writing.

"More than 13.8m people in the UK were victims of online crime in the past year, and bots and botnets are a key tool in the cyber-attacker's arsenal," said researcher Candid Wueest.

"It's not just computers that are providing criminals with their robot army; in 2016, we saw cyber criminals making increasing use of smartphones and Internet of Things (IoT) devices. In fact, IoT devices may be part of the uptick in global bot infections in 2016.

"Nearly a third (31%) of attacks originated from devices in Europe alone."

Indeed, the cities of Madrid, Istanbul and Moscow had more bots in their cities than the vast majority of nations had in their entire countries, Symantec said.

Advertisement

But Russia was home to the largest number of bots in all of Europe, with 13.6% of Europe's bot-infected devices residing there. However, with the largest internet-connected population in Europe, Russia's 'bot density' is comparatively low, experts revealed.

'Bot density' or 'bots per connected capita' is a comparison between a country's number of internet users and the volume of bot infections.

It aims to make it clear which countries have a true higher rate of infection.

Symantec's UK statistics on botnetsSymantec

With one bot for every 41 internet users, Russia was 31st in Europe and 94th in the world for 'bot density'. This comparatively low infection rate may be influenced to some degree by the codes of conduct of Russia's hacking community, researchers said.

Advertisement

"Russians infecting Russians is considered a hacking faux pas," Wueest noted.

"There have been instances in the past of hackers being 'doxxed' or outed to police by the hacking community for the sin of infecting local computers.

Botnets are built from infected computers around the world iStock

"The number of bot infections isn't typically representative of where cybercriminals live. Infection rates are typically lower in countries where users have better cyber-hygiene and hackers are often the most 'hygienic' or paranoid when it comes to their devices."

In comparison, Rome's Holy See, the world's smallest country, had the highest bot density not only in Europe, but globally. Its significantly smaller internet-connected populace meant Vatican users had approximately "a one in five chance of using a 'zombie' device."

In most cases, victims caught up in these networks are unwitting participants in crime.

For example, bot networks played a key role in the alleged Russian influence campaign during the 2016 US presidential election when they were used to amplify divisive messages, circulate conspiracy theories and share pro-Donald Trump talking points.

In another case from last year, swarms of IoT devices were enslaved into the so-called Mirai botnet and used to takedown websites including Reddit, Twitter and Netflix.

Concerned that your device may be enslaved in a bot army?

Symantec said that some key warning signs includes if your device starts drastically slowing down, displaying mysterious messages or crashing for no apparent reason. It advised users to keep up-to-date with security updateds and never to click suspicious links.

© Copyright 2017 IBTimes Co., Ltd. All Rights Reserved.