SecurityBrief UK - Technology news for CISOs & cybersecurity decision-makers

Public IP faces 2,266 attacks in Spitfire honeypot test

Today

Spitfire Network Services has revealed the results of a 'Honeypot' experiment, where a public IP address was subjected to a staggering 2,266 attacks within a single hour.

The company conducted this experiment to demonstrate the vulnerabilities that arise when a public IP address is exposed to the Internet. Using a virtual machine on the Azure platform, Spitfire set up the 'Honeypot' as part of its security system to attract cybercriminals into a trap. The simulation occurred during a one-hour window in the middle of the day.

The rapidly increasing interconnectivity of applications and endpoints makes port forwarding, remote access, and overall reachability more significant than ever. It also increases the number of potential attack vectors that third parties can use to infiltrate exposed business networks.

During the experiment, Spitfire used different monitoring tools to categorise the attacks. These included 'Cowrie' for logging attacks against SSH and Telnet, which identified brute-force attacks that typically use dictionary-based methods, in which attackers attempt entry using common usernames and passwords. Additionally, 'Dionaea' was used to capture Server Message Block (SMB) exploits, and 'Conpot' served as a honeypot for industrial control systems, listening on ports commonly used within those networks.

Analysis of the attack origins revealed that most attempts came from the United States, followed by the UK, China, India, and South Korea.

Harry Bowlby, Managing Director at Spitfire Network Services, underscored the critical importance of securing devices exposed to the Internet. Bowlby stated, "If IT leaders wish to have any devices exposed to the Internet, making sure devices are locked down is of the utmost importance. Once an attacker has access to a single device on a network, they can use that to then infiltrate other devices in that network."

"In the worst case scenario, malicious actors will make sure you are unaware of this vulnerability for as long as possible before potentially launching a ransomware attack on your network, which can be business critical from the interruption to business activity and the high financial cost of regeneration of lost data, the restoration of damaged IT systems, and should it be paid, the high financial cost of the ransom."

Bowlby further noted the dual-edged nature of interconnected IT applications, pointing out, "The immense benefits of networking IT applications can be threatened by the consequent increased security risk. Although a range of security measures can be implemented at each endpoint, an excellent first defence is a secure private network, which makes endpoints and applications invisible and unreachable to bad actors. This has been used for many years in a fixed line environment, but not in mobile."

The findings from the 'Honeypot' experiment highlight the urgent need for organisations to implement robust security measures and consider secure private networking to safeguard against potential cyber threats.
