The BBC has commissioned a research exercise carried out by security company Cybereason that uses authentic-looking ‘honeypot’ servers to study the activities of internet bots. The results have revealed that it takes a bot little more than an hour to identify a new server and to check it out for vulnerabilities.
If the digital attack tool finds a weakness, it will then use its foothold to launch phishing attacks to harvest passwords and other sensitive data for the attacker to exploit or sell on to a third party – who will often cherry-pick particularly lucrative targets such as banks or government bodies.
The honeypot cyberattack sampling tool, using fake servers to gather information on the modus operandi of potential hackers, is helpful in customising effective defence systems – such as expedient patching, setting robust passwords, controlling admin access and regular monitoring of apps for bugs. Cybereason is planning to establish ever more attractive bogus targets in order to study cybercriminals’ attack methods in greater depth.
Read more at http://www.bbc.co.uk/news/technology-40850174