The Outpost24 research team have released the results of attack data gathered from a network of honeypots deployed to gather actionable threat intelligence. In total, 42 million attacks were registered between January 1st and September 30th 2022, with 20 honeypots evenly distributed around the world.
Honeypots are, in essence, a trap. They are a decoy system (computer, network, or software) imitating a genuine system to attract malicious users and collect information about how they operate. This information aids in developing defences for production systems – blocking known attack IPs, specific network traffic, and geolocations, in addition to gaining an understanding of hacker’s activity within a network and preventing their strategies.
Key findings from the report include:
Brute force attacks were the most repeated attack type with 73,860 total number of attacking IPs.
Default credentials (username: root, password: root) were counted over 5.5 million times in brute force attempts
Port 445 and 22 were the most targeted ports, this corresponds to Windows and Linux remote administration services.
It is perhaps unsurprising that brute force attacks – one of the most rudimentary attack methods, and one which involves attackers systematically guessing credentials – was the most repeated. Outpost 24’s researchers noted that many of the attacks involved variations on the word ‘password’ or incremental numbers as the guessed credentials, suggesting that attackers were primarily targeting low-hanging fruit.
As far as attack map goes, Outpost 24 were quick to point out that attackers generally use VPNs to obfuscate their IP address and, by extension, geographical location. It is nonetheless interesting that the top five countries with the most attack ..
Support the originator by clicking the read the rest link below.
