Coalition, the world's first Active Cyber Insurance provider, has released alarming data on the scale of cyber threats in 2023. The company's statistics reveal that its United Kingdom-based sensors, or 'honeypots', faced a staggering average of over 17 million attacks per day, originating from over one million unique threat actors over the course of the year.
This digital onslaught against the UK honeypots in 2023 totalled 5.8 billion attacks and predominantly targeted Remote Desktop Protocol (RDP), a technology that lets employees connect remotely to Microsoft Windows computers from home. Disturbingly, almost three quarters (74%) of the attacks were aimed at this crucial infrastructure.
RDP is a favoured target because it can give hackers swift and simple access to devices, facilitating further attacks that could lead to data breaches, malware installation and ransomware deployment.
Coalition's UK security researcher, Dr Simon Bell, explained the significance of the findings: “Nearly three-quarters of recorded attacks in 2023 resulted from RDP, which is a scary thought for businesses since remote working is here to stay.”
“These attacks are extremely preventable and could potentially lead to disastrous interruption or financial losses. To reduce these risks, we recommend immediately disabling the service if it is not in use or limiting access to only the employees who need it.”
Coalition’s Security Labs team found that, alongside RDP, hackers frequently exploited open vulnerabilities in its honeypots. The team found that the Common Vulnerabilities & Exposures (CVEs) attackers most often attempted to exploit predated 2023. The list included two vulnerabilities affecting F5 BIG-IP, a suite of products for application availability, access control and security.
Dr Bell shed light on the alarming patterns observed, stating: “Attackers will often target old vulnerabilities to exploit. This is partly due to the availability of public exploits for these vulnerabilities, giving hackers an available playbook for successfully executing an attack.”
“It is also because attackers are aware organisations can be slow to patch their software, leaving their systems exposed to these known vulnerabilities. Attackers can then easily target outdated software using the readily available public exploits.”
He continued, offering additional troubling insights from the firm's research. “Coalition found that policyholders with even one unresolved critical vulnerability were 33% more likely to experience a claim. We also discovered that policyholders who continued to use end-of-life software - products no longer supported by their original developers - were three times more likely to suffer from an incident,” concluded Dr Bell.