CybersecurityManagementSecurity NewswireCybersecurity News

Unsecured computer attacked 51 times per minute

cyber endpoint data
April 26, 2021

Comparitech researchers set up honeypots on the web to lure in attackers and record their actions. They recorded 73,000 attacks in 24 hours. 

The honeypots were left unsecured so that no authentication was required to access and attack it. Using this method, Comparitech researchers sought to find out which types of attacks would occur, at what frequency, and where they come from. 

In total, researchers recorded more than 73,000 attacks in a 24-hour period, or 51 attacks per minute. Back in 2007, an University of Maryland study recorded 2,244 attacks per day, a fraction of hat Comparitech researchers recorded in 2021. 

Researchers found brute force SSH attacks were by far and aw the most common against the honeypot the researchers set up. SSH, or Secure Shell, is an encrypted protocol used to remotely access computers, manage servers and execute scripts. Here is a breakdown of the top attack types recorded:

  • SSH brute force – Attempts to guess the passphrase for access to a server (57,763)
  • TCP/UDP attacks – Attacks on services that use these protocols and packets. (5,237)
  • Credential stealers – Malware scans the victim device for passwords and authentication tokens (4,094)
  • RDP hijacking – Microsoft’s Remote Desktop Protocol can be compromised, giving attackers full remote control over a Windows device (2,204)
  • Shellcode attacks – Attacks that attempt to remotely execute attacker’s code on the victim device, usually to exploit a software vulnerability (2024)
  • ADB attacks – Attacks that leverage unsecured Android Debug Bridges, a command-line tool for Android devices including phones, streaming devices, and smart TVs
  • Cisco ASA CVE exploitation or DoS – A specific attack that targets unpatched Cisco devices.
  • Web attacks – Mostly attackers stealing credentials from web pages
  • SMTP attacks – attacks on email servers and clients.

The top three ports attacked in descending order were 5900 (VNC), 22 (SSH), and 443 (HTTPS).

About 98% of the attackers' originating IP addresses were already in publicly-available blacklists. Researchers recorded attempts at unauthorized access from bots and crawlers (3), mass scanners (85), Tor exit nodes (101), and some disreputable IPs flagged by our monitoring tool (614). About two-thirds of the attacks came from unknown operating systems, which includes Macs among others. Of those we do know, 9.5% came from Windows devices, and 17.5% came from Linux devices.

Tracing an attack back to a specific country is a bit dubious, as many, if not most, attackers will use proxies to hide themselves. That being said, here’s the breakdown of attackers’ originating IPs by country:

  1. China – 32%
  2. Russia – 19%
  3. USA – 15%
  4. France – 7%
  5. Singapore – 5.5%
  6. Ireland – 5.5%
  7. Brazil – 4%
  8. Ukraine – 4%
  9. India – 4%
  10. South Korea – 3%

For the full blog and more findings, please visit https://www.comparitech.com/blog/information-security/honeypot-computer-study/

KEYWORDS: cyber security data breach password risk management

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Related Articles

Events

View AllSubmit An Event
  • August 27, 2025

    Risk Mitigation as a Competitive Edge

    In today’s volatile environment, a robust risk management strategy isn’t just a requirement—it’s a foundation for organizational resilience. From cyber threats to climate disruptions, the ability to anticipate, withstand, and adapt to disruption is becoming a hallmark of industry leaders.
View AllSubmit An Event

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!