SecurityWeek

These Cities House the Largest Bot Populations in the U.S.

Botnets are widespread worldwide, serving whichever purpose they were designed to, and the United States is one of the largest sources of botnet attacks. Across the country, Chicago and Washington D.C. are home to the largest number of bots (infected hosts), Symantec has discovered.

According to the security company, Chicago currently hosts 4.69% of the bots in the U.S., while Washington, D.C. hosts 4.13% of them. Atlanta is placed third, with 3.49% of the bots, followed by Ashburn (3.23%) and New York (3.22%). Portland (3.18%), Los Angeles (2.02%), Las Vegas (1.98%), San Jose (1.96%), and Tampa (1.57%) round out the top 10.

These bots represent Internet-connected devices of any kind (including laptops, phones, connected devices, baby monitors, servers, etc.), which can be remotely controlled by attackers after being infected with malware. Based on the malware infecting them and on their operators, these devices work together in networks called botnets.

The bots are usually remotely controlled without the knowledge of their owners. Botnet sizes range from hundreds or thousands of infected devices to hundreds of thousands or even millions of bots. They can be used to spread malware, send spam emails, perform distributed denial of service (DDoS) attacks, or perform other types of online crime.

In 2016, botnets such as Mirai or Bashlite brought into the spotlight the danger that poorly secured Internet of Things (IoT) devices pose when they become part of botnets. Mirai alone infected around half a million IoT devices and abused them to launch some of the largest DDoS attacks in history.

Last year alone, 6.7 million bots were added to the global botnet, Symantec says.

“More than 689 million people were victims of online crime in the past year, and bots and botnets are a key tool in the cyber attacker’s arsenal. It’s not just computers that are providing criminals with their robot army; in 2016, we saw cyber criminals making increasing use of smartphones and Internet of Things (IoT) devices to strengthen their botnet ranks. Servers also offer a much larger bandwidth capacity for a DDoS attack than traditional consumer PCs,” Candid Wueest, Norton Security expert, says.

According to Kevin Haley, security expert at Symantec, the bot population usually grows in cities where a large number of Internet-connected devices exist, or where the number of high-speed, Internet-connected devices is increasing.

However, although the size and location of a botnet might be connected, they are not indicative of where the operator lives, Symantec points out. Botnets are global in nature and infected devices from any country could be used to hit targets in any other country, while being controlled by an actor living in a completely different area.

When it comes to botnets, infection vectors differ from one device to another. Malicious links, malicious attachments in emails or social media messages, and compromised websites can all be used to infect devices. Some attackers might use automated tools to find and directly target vulnerable devices, as happened with Mirai.

Written By

Ionut Arghire is an international correspondent for SecurityWeek.
