The banking system was attacked 3.5 million times in 3 months using brute force


GoSecure’s experiment showed how hackers work and which countries’ servers they use.

Remote Desktop Protocol (RDP) attracts hackers so strongly that an open connection can receive an average of over 37,000 hacking attempts per day from different IP addresses.

An experiment using honeypots with an RDP connection available from the Internet shows how persistent the attackers are and that they work on a schedule very similar to a normal work day.

GoSecure said honeypots are a research program aimed at understanding hacker strategies that could be translated into threat prevention recommendations.

Within three months, researchers from the information security company GoSecure recorded about 3.5 million attempts to log in to their RDP honeypot.

The honeypot has been operating intermittently for more than 3 years and stably for more than a year, but the data collected covers only 3 months, from July 1 to September 30, 2022. During this period, the honeypot was attacked 3,427,611 times from over 1500 IP addresses. However, the number of attacks for the entire year reached 13 million login attempts.

To attract attackers, the researchers named the system so that it appeared to be part of a banking network.

As expected, the attackers used brute force, and the most common username was “Administrator” and its variations. In 60,000 of the attacks, the attackers conducted reconnaissance before guessing a login.

[Figure: the most common user logins in the attackers’ searches]

The honeypot system collected password hashes, and the researchers were able to recover the weaker ones. The most common passwords are variations on the word “password” and a simple ten-digit string.

Notably, login attempts came from IP addresses in China (98%) and Russia (2%). However, this does not mean that the attackers are located in these countries; they are probably using infrastructure hosted there. In addition, 15% of the attackers combined thousands of passwords with only 5 usernames.
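One way to pick out the few-usernames, many-passwords pattern and the time-of-day activity described above from collected login records, as an added example (not GoSecure's code). The record layout, the thresholds and the sample rows are assumptions constructed for illustration.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

def build_sample():
    """Constructed records (timestamp, src_ip, username, pw_hash_id); not GoSecure data."""
    start = datetime(2022, 7, 4, 9, 0, 0)
    rows = []
    # Source A: many passwords against two usernames, during office hours.
    for i in range(40):
        user = ("Administrator", "admin")[i % 2]
        rows.append((start + timedelta(minutes=i), "192.0.2.10", user, f"h{i:03d}"))
    # Source B: one password tried against many usernames, late in the evening.
    for i in range(12):
        rows.append((start + timedelta(hours=14, minutes=i), "198.51.100.7", f"user{i}", "h999"))
    # Source C: a couple of stray attempts.
    rows.append((start, "203.0.113.5", "test", "h500"))
    rows.append((start + timedelta(seconds=5), "203.0.113.5", "test", "h501"))
    return rows

def profile_sources(rows, max_users=5, min_passwords=30):
    """Summarise each source IP and flag the few-usernames/many-passwords pattern.

    Thresholds are assumptions scaled down for the sample; the article
    describes thousands of passwords combined with only 5 usernames.
    """
    users, passwords, attempts = defaultdict(set), defaultdict(set), Counter()
    hours = defaultdict(Counter)
    for ts, ip, user, pw in rows:
        attempts[ip] += 1
        users[ip].add(user.lower())  # "Administrator" and "administrator" count once
        passwords[ip].add(pw)
        hours[ip][ts.hour] += 1
    report = {}
    for ip in attempts:
        report[ip] = {
            "attempts": attempts[ip],
            "usernames": len(users[ip]),
            "passwords": len(passwords[ip]),
            "busiest_hour": hours[ip].most_common(1)[0][0],
            "few_users_many_passwords": len(users[ip]) <= max_users
            and len(passwords[ip]) >= min_passwords,
        }
    return report

if __name__ == "__main__":
    for ip, stats in sorted(profile_sources(build_sample()).items()):
        print(ip, stats)
```
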

The human involvement in the attack became more apparent after the initial phase of password cracking, when the hackers began searching the system for valuable data.

Even though the researchers lowered the difficulty of logging into the honeypot with an admin/admin credential pair, only 25% of hackers began to probe the machine for important files. However, the bait initially did not contain any data. In the future, experts plan to fill the honeypot with fake corporate files and implement a system for tracking the actions of attackers.

Source: www.securitylab.ru