Coalition has released new data showing that, in 2023, the company’s United Kingdom honeypots (sensors) were attacked over 17 million times per day on average, with the attacks stemming from over one million unique threat actors.
Of the 5.8 billion attacks on its UK honeypots in 2023, 74% targeted Remote Desktop Protocol (RDP), a technology that employees who work from home use to connect to Microsoft Windows computers remotely. Attackers most frequently target RDP because it grants them relatively quick and easy access to devices, allowing them to execute further attacks, including accessing sensitive information, installing malware, and deploying ransomware.
Coalition UK security researcher Dr Simon Bell commented: “Nearly three-quarters of recorded attacks in 2023 resulted from RDP, which is a scary thought for businesses since remote working is here to stay. These attacks are extremely preventable and could potentially lead to disastrous interruption or financial losses. To reduce these risks, we recommend immediately disabling the service if it is not in use or limiting access to only the employees who need it.”
Coalition’s Security Labs team also observed attackers frequently exploiting open vulnerabilities in its honeypots. The most popular Common Vulnerabilities & Exposures (CVEs) that attackers attempted to exploit were identified pre-2023, including two vulnerabilities that impact F5 BIG-IP, a family of products covering software and hardware designed around application availability, access control, and security solutions.
Bell added: “Attackers will often target old vulnerabilities to exploit. This is partly due to the availability of public exploits for these vulnerabilities, giving hackers an available playbook for successfully executing an attack. This is also because attackers know organisations can be slow to patch their software, exposing their systems to these known vulnerabilities. Attackers can then take advantage of outdated software and easily accessible public exploits to attack such systems.
“In fact, Coalition found that policyholders with even one unresolved critical vulnerability were 33% more likely to experience a claim. We also discovered that policyholders who continued to use end-of-life software—products no longer supported by their original developers—were three times more likely to suffer from an incident.”