The Outpost24 research team have released the results of attack data gathered from a network of honeypots deployed to gather actionable threat intelligence. In total, 42 million attacks were registered between January 1st and September 30th 2022, with 20 honeypots evenly distributed around the world.
Honeypots are, in essence, a trap. They are a decoy system (computer, network, or software) imitating a genuine system to attract malicious users and collect information about how they operate. This information aids in developing defences for production systems – blocking known attack IPs, specific network traffic, and geolocations, in addition to gaining an understanding of hackers’ activity within a network and countering their strategies.
Key findings from the report include:
- Brute force attacks were the most repeated attack type, with a total of 73,860 attacking IPs.
- Default credentials (username: root, password: root) were counted over 5.5 million times in brute force attempts.
- Ports 445 and 22 were the most targeted ports; these correspond to Windows and Linux remote administration services.
It is perhaps unsurprising that brute force attacks – one of the most rudimentary attack methods, and one which involves attackers systematically guessing credentials – were the most repeated. Outpost24’s researchers noted that many of the attacks involved variations on the word ‘password’ or incremental numbers as the guessed credentials, suggesting that attackers were primarily targeting low-hanging fruit.
As far as the attack map goes, Outpost24 were quick to point out that attackers generally use VPNs to obfuscate their IP address and, by extension, geographical location. It is nonetheless interesting that the top five countries with the most attack attempts against Outpost24’s honeypots were:
- United States
Outpost24’s research is somewhat unique in that it provides actionable advice. For example, the extracted credentials make it possible to apply password policies that block the use of vulnerable credentials and reduce the risk of a successful login attempt.
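One way to turn guessed credentials into a password policy check, shown as an added example that is not Outpost24's code: it rejects a password equal to the username (as in root/root), incremental numbers, and variations on observed words such as ‘password’. The sample credential list, the substitution table and all function names are assumptions made for this illustration.

```python
import re

# Constructed sample of guessed credentials, standing in for a honeypot export.
# Only root/root and the "password" / incremental-number patterns come from the article.
OBSERVED = [("root", "root"), ("admin", "password"), ("admin", "123456")]

# Assumed table of common character substitutions, undone before comparison.
LEET = str.maketrans({"@": "a", "4": "a", "0": "o", "$": "s", "5": "s", "3": "e", "1": "i", "!": "i"})


def normalise(password):
    """Lower-case, strip digit/symbol padding from both ends, then undo substitutions."""
    core = re.sub(r"^[\W\d_]+|[\W\d_]+$", "", password.lower())
    return core.translate(LEET)


def is_incremental(password):
    """True for digit-only strings stepping by a constant +1, -1 or 0 (123456, 654321, 111111)."""
    if not re.fullmatch(r"[0-9]{2,}", password):
        return False
    steps = {(int(b) - int(a)) % 10 for a, b in zip(password, password[1:])}
    return steps in ({1}, {9}, {0})


def build_denylist(observed):
    """Collect the normalised base words of every observed password guess."""
    return {normalise(pw) for _, pw in observed} - {""}


def check_password(username, password, denylist):
    """Return the reasons to reject a candidate; an empty list means it passes this check."""
    reasons = []
    if password.lower() == username.lower():
        reasons.append("matches username")
    if is_incremental(password):
        reasons.append("incremental number")
    if normalise(password) in denylist:
        reasons.append("variation of an observed credential")
    return reasons


if __name__ == "__main__":
    denylist = build_denylist(OBSERVED)
    for user, pw in [("root", "root"), ("alice", "P@ssw0rd123!"), ("alice", "12345678")]:
        print(user, pw, check_password(user, pw, denylist))
```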
“Honeypots are an essential part of threat intelligence gathering and provide us with a critical source of fresh, real-world threat data to better understand our adversaries”, said Guillermo García, Head of Offsec at Outpost24. “The most frequent attack vectors in our study confirm that whilst cybercriminals are constantly looking for new opportunities to exploit technical and human vulnerabilities, known and easily fixable weaknesses like default credentials and open ports are just as dangerous. It further highlights the need for organisations to constantly monitor external threats and attack surface risk.”
The Outpost24 group is pioneering cyber risk management with vulnerability management, application security testing, threat intelligence and access management – in a single solution. Over 2,500 customers in more than 65 countries trust Outpost24’s unified solution to identify vulnerabilities, monitor external threats and reduce the attack surface with speed and confidence. Delivered through our cloud platform with powerful automation supported by our cyber security experts, Outpost24 enables organisations to improve business outcomes by focusing on the cyber risk that matters.