The Honey Trap
New research has shown that cyber criminals ‘begin attacking servers newly online about an hour after they have been switched on’, according to a BBC experiment.
The recent experiment was carried out to discover the cyber challenges faced each day. Cybereason confirmed:
‘About 71 minutes after the servers were set up online they were visited by automated attack tools that scanned them for weaknesses they could exploit’
Once discovered, the servers were subjected to constant attacks by the assault tools.
The experiment was run as a ‘honeypot’ trap: the servers had real, public IP addresses but could provide only a basic response, to ensure they were realistic but harmless. Many security firms are using this honeypot tool to understand hacker techniques and actively improve defence strategies.
The BBC revealed that during the experiment:
- 17% of the attack bots were scrapers that sought to suck up all the web content they found
- 37% looked for vulnerabilities in web apps or tried well-known admin passwords
- 10% checked for bugs in web applications the servers might have been running
- 29% tried to get at user accounts using brute force techniques that tried commonly used passwords
- 7% sought loopholes in the operating system software the servers were supposedly running
Cybereason confirmed ‘this was a very typical pattern for these automatic bots, they used similar techniques to those we’ve seen before. There’s nothing particularly new.’
The BBC also explored the rate at which phishing emails targeting new employees occur. Cybereason planted 100 email lists with illegitimate addresses to see what would happen, and after 21 hours, the first of many emails landed in the inbox of the fake employees. 15% of these emails contained a compromising webpage link and the other 85% had malicious attachments.
[Source: BBC News article, published 2nd September 2017. Available: http://www.bbc.co.uk/news/technology-40850174]