GCC countries unwitting host to millions of bots
Norton study reveals the cities that make up the GCC’s botnet powerhouses
The GCC made up 11.4% of the Middle East’s total bot population, according to a new study by Norton that examined which countries and cities unwittingly played host to the greatest number of bot infections.
Riyadh, Kingdom of Saudi Arabia, ranked as the number one city in the GCC for the highest source of bot infections with 43.1% of bots in the GCC. The Saudi capital ranked as the fourth most afflicted city in the Middle East. Dubai ranked second most bot infected city in the GCC with 24.7% and 6th in the Middle East while Kuwait City ranked third in the GCC and 10th in the Middle East with 13.2%.
A year on after Mirai, the first major worldwide botnet attack, the global botnet has grown and 6.7 million more bots joined the global botnet in 2016.
“The GCC is widely considered a region that adopts new technologies more readily when compared to other global markets. But there seems to be a limited awareness amongst consumers about the various risks associated with using internet connected devices. In fact, more than 2.53 million consumers in the UAE were victims of online crime in the past year, and bots and botnets are a key tool in the cyber attacker’s arsenal,” commented Tamim Taufiq, head of Norton Middle East.
Bots are Internet-connected devices of any kind, such as laptops, phones, IoT devices, baby monitors, etc. infected with malware that allow hackers to remotely take control of many devices at a time, typically without any knowledge of the device owner. Combined, these devices form powerful bot networks (botnets) that can spread malware, generate spam, and commit other types of crime and fraud online.
“It’s not just computers that are providing criminals with their robot army; in 2016, we saw cyber criminals making increasing use of smartphones and Internet of Things (IoT) devices to strengthen their botnet ranks. Servers also offer a much larger bandwidth capacity for a DDoS attack than traditional consumer PCs,” added Taufiq.
In fact, IoT devices may be part of the uptick in global bot infections in 2016. During its peak last year, when the Mirai botnet - made up of almost half a million Internet-connected devices such as IP cameras and home routers - was expanding rapidly - attacks on IoT devices were taking place every two minutes. Unbeknownst to the device owners, one in 50 IoT attacks originated from devices in the Middle East alone. The UAE accounted for 5% of IoT attacks coming from the Middle East in 2016.
The ratio of bots per internet connected user in the GCC was significant as well. There is one bot for every 20 internet users in Kuwait; one bot for every 28 internet users in the UAE; and one bot for every 35 internet users in KSA. The number is lower for Oman where there is 1 bot for every 50 internet users.
However, where a bot resides is not indicative of where its creator may live - an infected device in Dubai, for example, could contribute to an attack in the Asia, and be controlled by a cybercriminal somewhere in the United States.