Malicious actors continually scour the Internet for vulnerable services that can be used to gain access to internal networks or carry out other malicious acts.
Researchers sometimes deploy publicly accessible honeypots to track which software and services threat actors target. Honeypots are servers set up to look like they're running other software in order to monitor threat actors' methods.
Researchers from Palo Alto Networks' Unit 42 set up 320 honeypots in a recent study and discovered that 80 percent of them were compromised within the first 24 hours.
From July to August 2021, honeypots exposing the remote desktop protocol (RDP), secure shell protocol (SSH), server message block (SMB), and Postgres database services were deployed and kept running.
The honeypots were placed all over the world, including instances in North America, Asia, and Europe.
What Is the Attackers' M.O.?
The length of time it takes to reach the first compromise is proportional to how specific the service type is.
The average time for the first compromise on SSH honeypots, which were the most targeted, was three hours, while the average time between two successive attacks was roughly two hours.
A prominent instance of a threat actor compromising