A year on from the Mirai botnet’s first major attack – which brought much of the internet to a standstill, Norton by Symantec has revealed how the global botnet has grown and which countries and cities unwittingly played host to the greatest number of bot infections. 6.7 million more bots joined the global botnet in 2016, and the Gulf Cooperation Council (GCC) made up nearly 11.4 percent of the Middle East’s total bot population.
According to global research from Norton:
- Riyadh, Kingdom of Saudi Arabia, ranked #1 city in the GCC for the highest source of bot infections. It also ranked as the 4th city in the Middle East with 43.1 percent of bots in the region;
- Dubai, United Arab Emirates, ranked #2 most bot infected city in the GCC and 6th in the Middle East with 24.7 percent of bots in the region;
- Kuwait City, Kuwait, ranked #3 most bot infected city in the GCC and 10th in the Middle East with 13.2 percent of bots in the region;
Bots are Internet-connected devices of any kind, such as laptops, phones, IoT devices, baby monitors, and so on, infected with malware that allow hackers to remotely take control of many devices at a time, typically without any knowledge of the device owner. Combined, these devices form powerful bot networks (botnets) that can spread malware, generate spam, and commit other types of crime and fraud online.
“The GCC is widely considered a region that adopts new technologies more readily when compared to other global markets. But there seems to be a limited awareness amongst consumers about the various risks associated with using internet connected devices. In fact, more than 2.53 million consumers in the UAE were victims of online crime in the past year, and bots and botnets are a key tool in the cyber attacker’s arsenal,” commented Tamim Taufiq, Head of Norton Middle East.
“It’s not just computers that are providing criminals with their robot army; in 2016, we saw cyber criminals making increasing use of smartphones and Internet of Things (IoT) devices to strengthen their botnet ranks. Servers also offer a much larger bandwidth capacity for a DDoS attack than traditional consumer PCs,” added Taufiq.
In fact, IoT devices may be part of the uptick in global bot infections in 2016. During its peak last year, when the Mirai botnet – made up of almost half a million Internet-connected devices such as IP cameras and home routers – was expanding rapidly – attacks on IoT devices were taking place every two minutes. Unbeknownst to the device owners, one in 50 IoT attacks originated from devices in the Middle East alone. The UAE accounted for five percent of IoT attacks coming from the Middle East in 2016.
The ratio of bots per internet connected user in the GCC was significant as well. There is one bot for every 20 internet users in Kuwait; one bot for every 28 internet users in the UAE; and one bot for every 35 internet users in KSA. The number is lower for Oman where there is 1 bot for every 50 internet users.
However, where a bot resides is not indicative of where its creator may live – an infected device in Dubai, for example, could contribute to an attack in the Asia, and be controlled by a cybercriminal somewhere in the United States.