Turkey, the subject of several attacks from hacktivist groups in 2015, had far and away the largest number of bots in EMEA. Turkey’s number of unique infections was almost double that of the nearest country. Fourth in the global rankings, Turkey made up 18.5% of EMEA’s bot population and 4.5% of the world’s.
The United Kingdom was the seventh most bot-infected country, when looking at total bot population. Metropolitan London homed the majority of those, with 19% of the UK’s total. Milton Keynes, made an unlikely bid for fame by being the 4th most populous city for bots. Sheffield and Oxford ranked second and third respectively.
Despite the number of missives from Nigerian princes about their financial woes, Nigeria ranked 94th for bot density with one bot for almost every 2.1 million internet users. African countries generally ranked fairly low for density of their bot populations amongst their internet users compared to their European and Middle Eastern counterparts, despite the comparatively smaller populations of internet users.
“The size of a bot population can depend on many factors, but markets and cities where there has been a recent uptick in high-speed, internet connected devices certainly creates new, lucrative sources of bandwidth for cybercriminals to compromise.” commented Nick Shaw, Vice President and General Manager, EMEA, Norton. “But it’s not just infected PCs that are providing criminals with their robot army. We’ve recently seen criminals making increasing use of mobile and home connected devices, or the Internet of Things (IoT), and Macs to strengthen their botnet ranks.
Russia, with the largest number of internet users in EMEA, had the ninth largest bot population, 37% of which coming from Moscow. When comparing Russia’s bot population to its vast number of internet users it ranked 38th, with one bot for every 9,060 people.
Rome’s bot population was the third highest amongst EMEA cities. Its 2.8% share of total EMEA bots helped secure Italy’s second place ranking for total bot population. Rome’s bot population was such that if counted as a country it would place 11th in the top most bot-infected countries. With 1,829 internet users for every unique infection, Italy ranked 8th in the bot density ranking.
Hungary lead the table for the density of its bot population but was third in EMEA’s country by country ranking for total bot population. Hungarian internet users had a one in 393 chance of using a device that is part of a botnet, presenting a considerably higher risk than other countries. Budapest and Szeged played host to the lion’s share of the Hungarian bots with 30% and 25% of the country’s bots calling it their home. The bot populations of these individual cities also outrank a significant proportion of nations. Budapest and Szeged would rank 11th and 12th respectively if compared to entire countries’ bot populations.
The comparatively tiny principality of Monaco was second when reviewing bot density. Its significantly smaller internet connected populace meant that internet users in Monaco had approximately a one in 457 chance of using a ‘zombie’ device used by cybercriminals to launch attacks and spread spam.
“Where a bot resides isn’t indicative of where its controlling cybercriminal may live. Botnets are global in nature, and an infected device in Europe could contribute to an attack in Asia, controlled by a cybercriminal in North America. We’d probably have bots attacking from the Antarctic if there was more bandwidth there,” commented Paul Wood, head of cybersecurity research at Symantec. “Cybercriminals can either corral a botnet themselves, or hire one through specialised forums or networks. Rental can be priced by the hour, sheer volume and power of infected devices.”
