Remote desktop connections are so powerful a magnet for hackers that an exposed connection can average more than 37,000 times every day from various IP addresses.
During this phase, the attacks are automated. But once they get the right access credentials, the hackers start searching for important or sensitive files manually.
An experiment using high-interaction honeypots with an RDP connection accessible from the public web shows how relentless attackers are and that they operate within a daily schedule very much like working office hours.
Over three months, the researchers at GoSecure, a threat hunting and response company with headquarters in the U.S. and Canada, recorded close to 3.5 million login attempts to their RDP honeypot system.
Andreanne Bergeron, a cybersecurity researcher at GoSecure, explained at the NorthSec cybersecurity conference in Montreal, Canada, that the honeypots are linked to a research program that aims to understand attacker strategies that could be translated into prevention advice.
The honeypot has been functioning on and off for more than three years and running steadily for over a year but the data collected for the presentation represents only three months, between July 1 and September 30, 2022.
During this time, the honeypot was hit 3,427,611 times from more than 1,500 IP addresses. However, the attack count for the entire year reached 13 million login attempts.
Full Link ( Here )
© CopyRights RawNews1st
