"RDP Honeypot Targeted 3.5 Million Times in Brute-Force Attacks"

A study involving high-interaction honeypots with a Remote Desktop Protocol (RDP) connection accessible from the public web demonstrates that attackers are relentless and follow a daily schedule that closely resembles office hours. Researchers at GoSecure, a threat detection and response company with headquarters in the US and Canada, logged close to 3.5 million login attempts to their RDP honeypot system over the course of three months. At the NorthSec cybersecurity conference in Montreal, Canada, Andreanne Bergeron, a GoSecure cybersecurity researcher, explained that the honeypots are tied to a research program aimed at understanding attacker strategies, which could then be translated into prevention advice. The honeypot has operated intermittently for more than three years and continuously for over a year, but the data compiled for the presentation only represents three months, from July 1 to September 30, 2022. During this time period, the honeypot was hit 3,427,611 times by more than 1,500 unique IP addresses. However, the total number of login attempts for the entire year reached 13 million. This article continues to discuss the GoSecure researchers' experiment involving its RDP honeypot system. 

Bleeping Computer reports "RDP Honeypot Targeted 3.5 Million Times in Brute-Force Attacks"