Chicago Leads in Botnets

October 12, 2017

Approaching the one-year anniversary of the Mirai botnet attacks – which infected almost 500,000 connected devices and brought much of the internet to a standstill – Norton by Symantec has revealed how the global botnet has grown and which countries and cities have played host to the greatest number of bot infections. During the time of the Mirai botnet’s peak, almost 20 percent of all attacks originated from devices in the United States, the second highest source globally. In 2016 alone, the Symantec Global Intelligence Network found a staggering 6.7 million additional bots joined the global botnet.

Bots are Internet-connected devices of any kind, such as laptops, phones, connected devices and baby monitors, infected with malware that allows hackers to remotely take control of many devices at a time, typically without any knowledge of the device owner. Some botnets (bot networks) might have a few hundred or a few thousand devices, but others have hundreds of thousands, even millions, at their disposal. When utilizing these massive networks, hackers can spread malware, generate spam, and commit other types of online crime and fraud. Botnets can also be used to capture personal information like log-ins or banking details.

“More than 689 million people were victims of online crime in the past year, and bots and botnets are a key tool in the cyber attacker’s arsenal,” commented Candid Wueest, Norton Security expert. “It’s not just computers that are providing criminals with their robot army; in 2016, we saw cyber criminals making increasing use of smartphones and Internet of Things (IoT) devices to strengthen their botnet ranks. Servers also offer a much larger bandwidth capacity for a DDoS attack than traditional consumer PCs.”

In fact, IoT devices may be part of the uptick in global bot infections in 2016. During its peak last year, when the Mirai botnet - made up of almost half a million connected devices such as IP cameras and home routers - was expanding rapidly, attacks on IoT devices were taking place every two minutes.

Vulnerabilities Stateside

In the United States, Chicago and Washington D.C. lead the way in botnets, hosting 4.6 percent and 4.1 percent of the United States’ bot population, respectively, containing more bots per capita than the countries of Belgium, Sri Lanka and Austria.

City (United States)     Share of country's bots
Chicago, IL              4.69%
Washington, D.C.         4.13%
Atlanta, GA              3.49%
Ashburn, VA              3.23%
New York, NY             3.22%
Portland, OR             3.18%
Los Angeles, CA          2.02%
Las Vegas, NV            1.98%
San Jose, CA             1.96%
Tampa, FL                1.57%

Kevin Haley, security expert at Symantec, explains, “The size of a bot population can depend on many factors, but cities where there is a large number of Internet-connected devices, such as computers or servers, or where there has been a recent uptick in the acquisition of high-speed, internet-connected devices, seem to be lucrative sources for cybercriminals to infect.”

While size and location maintain a correlation, where a bot resides isn’t indicative of where its creator may live. Since botnets are global in nature, an infected device in the United States, for example, could contribute to an attack in Asia and be controlled by a cybercriminal somewhere in Europe.

Warning Signs and Tips to Stay Protected:

Bots sneak onto a person’s device in many ways. The malware is often mistakenly downloaded through links or malicious file attachments when opening an email or social media message. Bots can also sneak onto devices when a user has visited a compromised website. A bot might cause a device to slow down, display mysterious messages, or even crash for no apparent reason. Consumers should run a full diagnostic if any warning signs appear.

To safeguard against malicious bots:

• Install robust security software and firewalls to secure your device.

• Never ignore system updates. Configure your software's settings to update automatically to make the most of patches and fixes that vendors provide.

• Never click on file attachments within emails or messages unless you can verify the source of the attachment is legitimate. Be particularly wary of file attachments that prompt users to enable macros.

• Use a long and complex password that contains numbers and symbols and never use the same password for multiple services.

• Enable advanced account security features, like two-factor authentication and login notification, if available.
