Botnets are widespread worldwide, serving whatever purpose they were designed for, and the United States is one of the largest sources of botnet attacks. Across the country, Chicago and Washington, D.C. are home to the largest number of bots (infected hosts), Symantec has discovered.
According to the security company, Chicago currently hosts 4.69% of the bots in the U.S., while Washington, D.C. hosts 4.13% of them. Atlanta is placed third, with 3.49% of the bots, followed by Ashburn (3.23%) and New York (3.22%). Portland (3.18%), Los Angeles (2.02%), Las Vegas (1.98%), San Jose (1.96%), and Tampa (1.57%) round out the top 10.
These bots represent Internet-connected devices of any kind (including laptops, phones, connected devices, baby monitors, servers, etc.), which can be remotely controlled by attackers after being infected with malware. Based on the malware infecting them and on their operators, these devices work together in networks called botnets.
The bots are usually remotely controlled without the knowledge of their owners. Botnet sizes range from hundreds or thousands of infected devices to hundreds of thousands or even millions of bots. They can be used to spread malware, send spam emails, perform distributed denial of service (DDoS) attacks, or perform other types of online crime.
In 2016, botnets such as Mirai or Bashlite put a spotlight on the danger that poorly secured Internet of Things (IoT) devices pose when they become part of botnets. Mirai alone infected around half a million IoT devices and abused them to launch some of the largest DDoS attacks in history.
Last year alone, 6.7 million bots were added to the global botnet, Symantec says.
“More than 689 million people were victims of online crime in the past year, and bots and botnets are a key tool in the cyber attacker’s arsenal. It’s not just computers that are providing criminals with their robot army; in 2016, we saw cyber criminals making increasing use of smartphones and Internet of Things (IoT) devices to strengthen their botnet ranks. Servers also offer a much larger bandwidth capacity for a DDoS attack than traditional consumer PCs,” Candid Wueest, Norton Security expert, says.
According to Kevin Haley, security expert at Symantec, the bot population usually grows in cities where a large number of Internet-connected devices exist, or where the number of high-speed, Internet-connected devices is increasing.
However, although the size and location of a botnet might be connected, they are not indicative of where the operator lives, Symantec points out. Botnets are global in nature and infected devices from any country could be used to hit targets in any other country, while being controlled by an actor living in a completely different area.
When it comes to botnets, infection vectors differ from one device to another. Malicious links, malicious attachments in emails or social media messages, and compromised websites can all be used to infect devices. Some attackers might use automated tools to find and directly target vulnerable devices, as happened with Mirai.