CRETAN SECURITY OPERATIONS CENTER

FORTH logo

Research


Do the attackers ever sleep?

Our honeypots are being hammered with attacks both day and night. We get roughly 150,000 attacks every three hours. This is what the attacks look like over a period of one week:



Although there are some peaks and troughs, the intensity does not fall below 100,000 attacks per three-hour interval, which is about half of the maximum intensity we see of roughly 200,000 attacks every three hours. Focusing on attacks coming from a single country shows something like a diurnal cycle, with a noticeable difference between peaks and troughs:



But when averaging over all countries, the differences collapse. So, do attackers sleep at night? We do not really know, but we do know that attacks continue with ferocious intensity both day and night.
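The sketch below is an added illustration, not C-SOC's code or data. It bins events into three-hour intervals and shows one way per-country cycles can disappear in the total: sources that peak at the same local hour in different time zones. The page does not state the cause, so that is an assumption, and the country labels, offsets, rates and dates are constructed.

```python
import math
from collections import defaultdict
from datetime import datetime, timedelta, timezone

BIN_SECONDS = 3 * 3600  # three-hour intervals, as in the text

# Constructed sources: hypothetical country labels -> UTC offset in hours.
OFFSETS = {"AA": -6, "BB": 0, "CC": 6, "DD": 12}

def synthetic_events(days=7, base=100, swing=0.6, peak_hour=14):
    """Constructed data: every source peaks at 14:00 local time (assumption)."""
    start = datetime(2024, 1, 1, tzinfo=timezone.utc)
    for h in range(days * 24):
        for country, off in OFFSETS.items():
            local = (h + off) % 24
            rate = base * (1 + swing * math.cos(2 * math.pi * (local - peak_hour) / 24))
            for i in range(round(rate)):
                yield start + timedelta(hours=h, seconds=i), country

def bin_counts(events):
    """Count events per three-hour UTC bin, per country and overall ("ALL")."""
    counts = defaultdict(lambda: defaultdict(int))
    for ts, country in events:
        epoch = int(ts.timestamp())
        bin_start = epoch - epoch % BIN_SECONDS
        counts[country][bin_start] += 1
        counts["ALL"][bin_start] += 1
    return counts

def peak_to_trough(series):
    """Ratio of busiest to quietest bin; 1.0 means no visible cycle."""
    return max(series.values()) / min(series.values())

def summarize():
    counts = bin_counts(synthetic_events())
    return {name: round(peak_to_trough(s), 2) for name, s in counts.items()}

if __name__ == "__main__":
    for name, ratio in sorted(summarize().items()):
        print(f"{name}: peak/trough = {ratio}")
```

On real honeypot logs, replace `synthetic_events()` with an iterator of (UTC timestamp, source country) pairs and compare each country's ratio with the `ALL` ratio.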


An hour in the life of our honeypots

C-SOC operates a honeypot infrastructure that is used to study attackers and their attack patterns. The volume of attacks we receive is impressive. On average we receive more than 55,000 attacks per hour coming from 1,300 (unique) IP addresses. The attackers try to log in to our systems using various usernames and passwords. The most common username tried was “root” and the most common password “123456”. Although these obvious passwords can be easily caught, attackers also use non-obvious combinations of usernames and passwords, most probably taken from past password leaks of vulnerable web sites.