Which are principal cities hostages of malicious botnets?

Which are principal cities hostages of malicious botnets? Symantec has tried to reply the difficult questions with an interesting study.

It is not a mystery, there is a strict link between cybercrime and Geography. Cyber criminal organization used different tactics and offer different products depending on the country where they operate. Russian criminal communities specialize in the sale of payment card data and hacking services, the Chinese ones focus on mobile meanwhile the Brazilian crooks shows great expertise in the banking trojan.

Today I desire to present the findings of an interesting research conducted by Symantec on the botnet diffusion. Let me highlight that botnet location doesn’t mean that the country also hosts control infrastructure neither that criminal organizations live in the same area.

“This map reveals which countries and cities unwittingly played host to the most bot-infected devices, such as PCs, Macs, smartphones, tablets and connected home devices, across Europe, the Middle East and Africa (EMEA) in 2015.” states Symantec. “The rankings, tables and percentages are determined by total bot volumes for each country and city. The measure of ‘Bot density’ refers to a comparison of the bot population to the number of internet users in any given country or city, and calculated by dividing the amount of internet users, as reported by Internet World Stats on September 20, 2016, by total number of unique bot infections detected in a given city or country in 2015.”

The experts of the security firm discovered that the Turkey (18.5% of EMEA’s total bot population) there is the highest number of infected machines recruited in botnets, Istanbul and the capital city Ankara contain the highest number of botnet controlled devices in EMEA.

Bad news for my country, Italy is at the second place (9.8% of EMEA’s total bot population) followed by the Hungary at the third place (9.1%
of EMEA’s total bot population), Rome is third in the ranking of  places with highest bot population, followed by Budapest and Szeged.

The availability of botnets for sale and rent is a precious commodity for cyber criminal organizations that could use them for many illegal activities, such as DDoS attacks and spam campaigns.

In many cases, botnets are composed of compromised IoT devices (i.e.  Cameras, routers, modems, and sensors) that could be used to launch powerful attacks.

Hungary ranks as the top country for bot density, Hungarian Internet users have a one in 393 chance of using a compromised device that is part of a botnet, meanwhile, in Italy the experts have found one bot for every 1829 internet users.

It is curious the data related to the principality of Monaco where people have the second largest chance of one of their devices being recruited in a botnet. Internet users in the principality have a one in 457 chance of owning a bot.

Give a look at the interactive map, by clicking on a country it is possible to see all the data collected in the study.

[adrotate banner=”9″]

Pierluigi Paganini

(Security Affairs – botnet, cybercrime)