Researchers commissioned by NordVPN confirmed that knowledge gathering attacks spiked by 300% following the foiling of an incredible plot to kidnap the governor of Michigan. Similar attacks gained traction earlier this month after the announcement about President Trump’s hospitalization.
The findings came from the so-called honeypot, a cluster of servers that mimic real-life servers and attract cybercriminals. Over the two months of testing, the honeypot was attacked on a daily basis. However, two instances stood out by the number of attackers attempting to break in.
“Attacks targeted port 80, which is the standard port for HTTP websites. Attempts to break in skyrocketed, reaching a 300% uplift within one day. The goal of these types of attacks is usually reconnaissance or scraping. In other words, knowledge gathering,” says Daniel Markuson, digital privacy expert at NordVPN.
According to the digital privacy expert, it is hard to tell where the attacks originated, as attackers likely used proxy servers to disguise their true location.
Daniel Markuson highlights that there is no way to prove the correlation between developments in the political arena and cyberattacks. However, cyberattackers might have been taking advantage of the public monitoring the news instead of their own cybersecurity. Regardless, the spikes we have witnessed are rather unusual.
Is there anything to worry about?
Honeypots help to understand what types of attacks are trending and what types of malware, viruses, and attacks we can expect in general. Such insights can be used to enhance the security measures taken by individuals, institutions, and businesses.
Cybereason created a honeypot to trick cybercriminals into thinking they have found a financial company with weak security. The bots hackers commonly use to initiate attacks discovered the server immediately. The network was breached within 2 hours and performed 80% of the tasks required for a hack in less than 15 seconds.
“We must develop a habit of taking protection measures by default. Websites should be using HTTPS protocols by default; databases should not be left unprotected; and individuals are advised to surf the net using a VPN to protect themselves from eavesdropping and attacks,” says Daniel Markuson.