Researchers Discover 20,000 Cyber Attacks Every 15 Minutes Using Cyber Honeypots

Cyber attacks are getting more sophisticated as we speak. As long as you are connected to the Internet, you can get attacked. It is time to chuck away this useless conviction that you are not interesting to cybercriminals. ALL information is valuable on the black market, and so if you use any Internet-connected device, that device could get breached, even if it’s just your fridge.

In fact, the Internet of Things is slowly becoming the focus of cybersecurity because you can seldom install security software on such devices. Therefore, they might be more vulnerable to various cyber attacks. To discover these infections, security specialists use honeypots, and they give a pretty clear picture of how grave the situation is. According to researchers at Kaspersky, within a little bit over a year, their honeypots recorded 20,000 infection sessions every 15 minutes.

The number of cyber attacks is clearly staggering, but you’re probably wondering what a honeypot is. We’re going to look into the honeypot practice first, and then we are going to go through the basic aspects of cyber attacks against IoT devices and how you can protect them from hacks.

What is a honeypot?

The name itself sounds nice, doesn’t it? Almost like something you would definitely want to look into. That’s actually the point behind it, because that’s what it is: a honeypot is a computer security mechanism that works like bait for cybercriminals, luring them out into the open. Security researchers use these mechanisms for hunting and detecting attackers.

It might be hard to imagine a honeypot visually, but it is enough to understand that it is an information system that looks like a legitimate part of a certain site. However, unlike the actual site, a honeypot is isolated and regularly monitored. So if anyone hacks into a honeypot, that attack is automatically blocked and logged.

David Chismon at F-Secure says that honeypots provide a solution to the “needle in the haystack” problem. For instance, if you want to detect an attack on your network, you need to go through all the connections within it, trying to determine which connections are there to steal your data. However, a honeypot is an isolated system, and the only connections recorded on it are the ones you need to either block or investigate.

There are three main types of honeypots. First, there are high-interaction honeypots. These are not as isolated as a regular honeypot: each one is an actual system, and the activities on that system do not happen in a vacuum. It means that once a cyber attack is detected, it has to be restricted so that it doesn’t affect other systems. High-interaction honeypots are clearly “high-maintenance,” but the good thing about them is that it is harder to identify these hosts as honeypots, which makes it easier to convince the attacking scripts that a honeypot is a real device.

Then we have medium-interaction honeypots. Judging from the name, we can tell that these honeypots have less functionality than high-interaction honeypots, but they can still offer more than low-interaction honeypots. These mechanisms are created to simulate such services as Telnet and web servers. The attacker thinks that the honeypot is a vulnerable system, and they run their malicious payload. The downside of a low-interaction honeypot is that cybercriminals can easily identify them once they find out that the infection was not real. There are even lists of honeypot IPs being shared on the darknet, which shows that cybercriminals clearly want to avoid these systems as much as possible. After all, getting tricked into attacking a honeypot translates not only into a failed cyber attack. It might also lead to an identity reveal, which is not something a criminal is aiming for.
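As an added example (not code from the article or from Kaspersky’s honeypots), here is a Telnet-style login simulator in Python that records every attempt and never grants access. The credential list, port 2323, the sample address and the function names are assumptions; it skips Telnet option negotiation and treats the session as plain lines.

```python
import io, json, socketserver
from datetime import datetime, timezone

# Constructed factory-default pairs to flag (an assumption, not from the article).
DEFAULT_CREDS = {("admin", "admin"), ("admin", "default"), ("root", "root")}
EVENTS = []  # every session lands here: on a honeypot nothing is legitimate

def fake_login(rfile, wfile, src_ip):
    """Show a login prompt, record what is typed, never grant access."""
    def ask(prompt):
        wfile.write(prompt)
        return rfile.readline(256).decode("latin-1").strip()  # capped read
    user = password = ""
    try:
        user = ask(b"login: ")
        password = ask(b"Password: ")
        wfile.write(b"Login incorrect\r\n")
    except OSError:
        pass  # timeout or reset: keep whatever was captured
    event = {
        "time": datetime.now(timezone.utc).isoformat(),
        "src_ip": src_ip,
        "username": user,
        "password": password,
        "default_creds": (user, password) in DEFAULT_CREDS,
    }
    EVENTS.append(event)
    print(json.dumps(event))  # one JSON line per session for the log pipeline
    return event

class Handler(socketserver.StreamRequestHandler):
    timeout = 10  # seconds; idle clients are dropped

    def handle(self):
        fake_login(self.rfile, self.wfile, self.client_address[0])

class Honeypot(socketserver.ThreadingTCPServer):
    allow_reuse_address = True
    daemon_threads = True

def replay(data, src_ip="203.0.113.7"):
    """Feed constructed input through the same handler without a network."""
    out = io.BytesIO()
    return fake_login(io.BytesIO(data), out, src_ip), out.getvalue()

if __name__ == "__main__":
    # Assumed bind address and port; run it only on an isolated, monitored host.
    with Honeypot(("127.0.0.1", 2323), Handler) as hp:
        hp.serve_forever()
```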

How honeypots help IoT

If it is now clearer what a honeypot is, let’s go back to the Kaspersky report and see how their honeypot deployment could help us avoid cyber attacks against our smart devices. As mentioned, the number of attacks recorded on Kaspersky’s honeypots was staggering, so we can only imagine how often cybercriminals try to breach our actual devices.

One of the reasons IoT devices are so attractive to cybercriminals is that they are a lot simpler than computers and mobile phones. To add to the lack of security software, there’s also common negligence on the user’s side to update firmware and employ additional security options. However, it’s one thing when a user cannot enhance device security and another when they simply don’t. Aside from certain devices we cannot do anything about, there’s a vast middle ground where we can actually apply certain security measures to avoid cyber attacks, but we don’t.

Think of all your printers, cameras, routers, and other devices that still use the default login credentials. If a device has a login and a password, you should ALWAYS change the default credentials to something strong and unique. Don’t just leave passwords like “admin” or “default” on your device. Brute forcing such passwords is a piece of cake, so if you can change login credentials and passwords on your smart devices, you should do it as soon as possible.

If you have a lot of devices and you find coming up with new passwords for all of them too bothersome, you can try out the Cyclonis Password Manager free trial for 30 days. This tool can help you generate strong passwords, and it can also store them for you, so you don’t need to jot them down anywhere. In fact, writing down your passwords on a piece of paper is a big no-no, so don’t you ever think of doing that.

To take everything into account, researchers are working around the clock to prevent cyber attacks and to help us learn more about them. Likewise, we need to do our part in this perpetual game of catch-up, too. Employing the most basic security measures like regularly updating software and firmware, and using strong passwords isn’t that hard. If we do that, we will definitely make it harder for cybercriminals to reach us.

January 13, 2020
