The Outpost24 research team have released results from attack data collected by a network of honeypots deployed to gather actionable threat intelligence.
In total, 42 million attacks were registered between January 1 and September 30, 2022, across 20 honeypots evenly distributed around the world.
A detailed research report uncovered the following key attack findings:
• Brute force attacks were the most repeated attack type, with a total of 73,860 attacking IPs.
• Default credentials (username: root, password: root) were counted over 5.5 million times in brute force attempts.
• Ports 445 and 22 were the most targeted ports; these correspond to Windows and Linux remote administration services.
A honeypot is a decoy system (computer, network, or software) that imitates a real system to attract malicious users and collect information about how they operate. The collected information allows administrators to develop the right defences on production systems, such as blocking known attack IPs, specific network traffic and geolocations, as well as understanding how hackers operate within a network in order to counter their strategies.
The Outpost24 research found that most of the attack attempts registered against its honeypots came from IP addresses in Russia, the United States and China. The research report also provides analysis of the captured data, including the credentials used in brute force attacks, the targeted protocols, and explanations of the types of honeypots.