LAST UPDATED: 2021-06-07
Report discontinued. Replaced by: Honeypot Brute Force Events Report
One of these honeypot type sensors is dedicated to detecting SSH and telnet attacks against network devices. These attacks typically involve brute-forcing credentials to obtain access.
Once access has been obtained, the devices are used for other attacks, which may involve installing malicious software that enables the device to function as part of a botnet. For example, the well-known Mirai botnets were used in this way to launch DDoS attacks.
Hacked devices may also be used to launch scans on other vulnerable Internet devices. In still other cases, using brute force to breach networking devices may enable a criminal to attempt financial theft. By inserting rogue DNS server entries into a home router’s network configuration, they can redirect user traffic to malicious webpages, making phishing attacks on the home network user.
When we detect brute force attacks, our system reports them to the owners of the network from which the attacks originate, or to the National CERTs responsible for that network.
This report type was created as part of the EU Horizon 2020 SISSDEN Project.
Please note this report will be replaced after 2021-06-01 by Honeypot Brute Force Events Report.