Coalition has released data revealing that its UK honeypots, or security sensors, faced an average of over 17 million attacks daily in 2023. These attacks were orchestrated by over one million unique threat actors, indicating a high level of digital risk exposure.
The company’s analysis of 5.8 billion attacks on its UK honeypots in 2023 shows that a significant 74% of these targeted the remote desktop protocol (RDP). RDP is commonly used by remote employees to access Microsoft Windows computers. This technology is frequently attacked as it offers intruders relatively straightforward and rapid device access, enabling them to conduct further attacks, including data theft, malware installation, and ransomware deployment.
Dr Simon Bell (pictured above), a security researcher at Coalition UK, expressed concern over the prevalence of RDP-targeted attacks, especially given the permanence of remote working.
“These attacks are extremely preventable and could potentially lead to disastrous interruption or financial losses. To reduce these risks, we recommend immediately disabling the service if it is not in use or limiting access to only the employees who need it,” Bell said.
In addition, Coalition’s Security Labs team noticed a trend of attackers exploiting open vulnerabilities in its honeypots. The most frequently targeted common vulnerabilities and exposures (CVEs) were identified before 2023, including two vulnerabilities affecting F5 BIG-IP, a range of software and hardware solutions focused on application availability, access control, and security.
“Attackers will often target old vulnerabilities to exploit,” Bell said. “This is partly due to the availability of public exploits for these vulnerabilities, giving hackers an available playbook for successfully executing an attack. This is also because attackers know organisations can be slow to patch their software, exposing their systems to these known vulnerabilities. Attackers can then take advantage of outdated software and easily accessible public exploits to attack such systems.”
Coalition’s findings also revealed a correlation between unresolved vulnerabilities and the likelihood of insurance claims. Policyholders with at least one unaddressed critical vulnerability were 33% more likely to file a claim. Moreover, the use of end-of-life software, which is no longer supported by its developers, was found to triple the chances of an incident occurring.
What are your thoughts on this story? Please feel free to share your comments below.
