With the global botnet growing by 6.7 million in 2016, new research reveals that the GCC made up nearly 11.4 per cent of the Middle East’s total bot population.
A year on from the Mirai botnet’s first major attack – which brought much of the internet to a standstill – a report by cybersecurity company Norton by Symantec reveals how the global botnet has grown and which countries and cities unwittingly played host to the greatest number of bot infections.
The report shows that 6.7 million more bots joined the global botnet in 2016, and the Gulf Cooperation Council (GCC) made up nearly 11.4 per cent of the Middle East’s total bot population.
According to global research from Norton:
> Riyadh in Saudi Arabia ranked #1 city in the GCC for the highest source of bot infections. It also ranked as the 4th city in the Middle East with 43.1 per cent of bots in the region
> Dubai ranked #2 most bot-infected city in the GCC and 6th in the Middle East with 24.7 per cent of bots in the region
> Kuwait City ranked #3 most bot-infected city in the GCC and 10th in the Middle East with 13.2 per cent of bots in the region
Bots are Internet-connected devices of any kind, such as laptops, phones, IoT devices, baby monitors, etc. infected with malware that allows hackers to remotely take control of many devices at a time, typically without any knowledge of the device owner. Combined, these devices form powerful bot networks (botnets) that can spread malware, generate spam, and commit other types of crime and fraud online.
“The GCC is widely considered a region that adopts new technologies more readily when compared to other global markets. But there seems to be a limited awareness amongst consumers about the various risks associated with using internet-connected devices. In fact, more than 2.53 million consumers in the UAE were victims of online crime in the past year, and bots and botnets are a key tool in the cyber attacker’s arsenal,” said Tamim Taufiq, Head of Norton Middle East.
“It’s not just computers that are providing criminals with their robot army; in 2016, we saw cybercriminals making increasing use of smartphones and Internet of Things (IoT) devices to strengthen their botnet ranks. Servers also offer a much larger bandwidth capacity for a DDoS attack than traditional consumer PCs,” added Taufiq.
In fact, IoT devices may be part of the uptick in global bot infections in 2016. During its peak last year, when the Mirai botnet – made up of almost half a million Internet-connected devices such as IP cameras and home routers – was expanding rapidly, attacks on IoT devices were taking place every two minutes. Unbeknownst to the device owners, one in 50 IoT attacks originated from devices in the Middle East alone. The UAE accounted for five per cent of IoT attacks coming from the Middle East in 2016.
The ratio of bots per internet connected user in the GCC was significant as well. There is one bot for every 20 internet users in Kuwait; one bot for every 28 internet users in the UAE; and one bot for every 35 internet users in KSA. The number is lower for Oman where there is 1 bot for every 50 internet users.
However, where a bot resides is not indicative of where its creator may live – an infected device in Dubai, for example, could contribute to an attack in the Asia, and be controlled by a cybercriminal somewhere in the United States.
Warning signs and tips to stay protected:
A bot might cause a device to slow down, display mysterious messages, or even crash for no apparent reason. Consumers should run a full diagnostic if any warning signs appear.
To safeguard against malicious bots:
> Install robust security software and firewalls to secure your device
> Never ignore system updates. Configure your software’s settings to update automatically to make the most of patches and fixes that vendors provide
> Never click on file attachments within emails or messages unless you can verify the source of the attachment is legitimate. Be particularly wary of Microsoft Office attachments that prompt users to enable macros
> Use a long and complex password that contains numbers and symbols and never use the same password for multiple services
> Enable advanced account security features, like two-factor authorisation and login notification, if available
> Increase the security settings of your browser and devices
> Always log out of your session when done