What Is a Zombie Army That Attacks Over 300,000 Times a Day?
Among cyber threats, the so-called botnet or zombie army activity has risen significantly, attacking companies operating in various sectors over 28 million times in the third quarter, according to data from Telia, Estonia's largest IT and telecommunications company.
According to Telia Security Network data, network traffic related to botnets or zombie armies has increased by as much as 160% compared to the second quarter. While in the previous quarter there were approximately 11 million bots out of 269 million blocked attacks, in the third quarter this number already exceeded 28 million. The number of registered security incidents, however, decreased to 254 million compared to the previous period.
"Last year at this time, Security Network blocked malicious web robots 4.8 million times. This means that criminals are using botnets increasingly intensively. Therefore, the risk that a bot controlled remotely by a malicious person is sitting in a company's network is growing," warns Kristjan Aljas, cybersecurity solutions architect at Telia.
What is a botnet or this ominously named zombie army? "A botnet is a computer network consisting of many devices infected with malware (computers, servers, smartphones), but also other internet-connected devices, such as home and kitchen appliances," explains Aljas. "First, criminals infect the device with malware, using, for example, malicious email attachments or security vulnerabilities. Then they connect all infected devices to a command center and begin using the created army for various attacks."
According to Aljas, a botnet or zombie army can carry out extensive attacks within a company's internal network, distribute information there to bad actors, but also use the company's resources to attack someone else or create additional bots.
Avoiding bots is possible if, in addition to correct network architecture, one also monitors what happens there, regularly updates software and obtains it from trusted partners, and uses appropriate cybersecurity software on devices.
"Additionally, it's worth remembering that on October 14th, Microsoft Windows 10 support ends, which means that those who don't update their software to Windows 11 create a favorable opportunity for malicious people to infect devices and use them as bots," warns Aljas.
An average of 2.8 million attack attempts per day
While the share of bots increased the most in the third quarter, numerically companies were still plagued most by external attack attempts on connections and devices, which were blocked 136 million times, and malware or phishing-related web visits 89 million times. Denial-of-service attacks increased by nearly 64% compared to the second quarter, totaling nearly 2 petabytes. Virus detections, which Security Network blocked 50,085 times, were also up nearly 93% in the third quarter.
According to Telia data, criminals were most active in July, when different security incidents were registered 94.5 million times. In August and September, there were 73.7 and 85.6 million attack incidents respectively. This means that on average, there are 2.8 million security incidents per day.
Trade and real estate continue to be in focus
For a long time, the most attacks have been directed at wholesale and retail companies, which in the third quarter were blocked 74 million times, or 118% more than in the second quarter. Criminals are also interested in real estate-related companies, which were targeted with nearly 23 million attack attempts. For the first time, companies operating in the information and communications sector also made the top three, which were targeted with nearly 13 million attack attempts, which is 92% more compared to the previous period.
