
Business telecommunications and UK broadband ISP Spitfire (Spitfire Network Services) has today launched a live honeypot attack map, which it claims reveals the scale of automated cyberattacks targeting public IP addresses (e.g. it recorded 71,000+ attacks against a single public IP in just the last 24 hours).
Internet protocol (IP) addresses exist to help connect your computer/devices and software with others around the online world (like an ID number for your connection). But much as we’ve pointed out many times before, anybody with a connection to the public internet can expect to be probed by automated vulnerability scanners, hackers and others on a daily basis. This is why it’s so important to keep your software and hardware up to date with the latest patches, firmware and internet security software, etc.
Spitfire’s new Honeypot Attack Map is a type of security system designed to highlight the growing threat of malicious actors by showing the kind of activity that can occur against one IP address in real-time (not yours). In fairness, the fact that this is a ‘honeypot’ means that it’s probably a lot more visible and likely to be identified as a target of interest for more probes, so the average user may see less of this activity than the honeypot.
However, experiences do vary depending on lots of different factors, such as what you use your internet connection for (e.g. hosting a website is likely to attract a lot of attack / probe attempts) and where you go online (e.g. people making use of P2P services may be more exposed unless they use a Virtual Private Network to conceal their true IP).
In this case the majority of attacks against Spitfire’s honeypot appear to originate from the USA, although attackers will often mask their true location, such as by using third-party cloud providers, VPNs, proxy servers and botnets etc.
Harry Bowlby, MD at Spitfire Network Services, said:
“We originally developed this tracker internally, but we felt now was the right time to make it public, so people can see just how active cyber attackers really are. The volume of attacks is startling. Every organisation with a public-facing IP address is constantly being probed by automated tools searching for vulnerabilities. Business leaders need to understand that exposure to the internet means being targeted.
The risk to any organisation could quite literally upend their business. Once an attacker has access to a single device on a network, they can use that to then infiltrate other devices in that network. In the worst case scenario, malicious actors will make sure you are unaware of this vulnerability for as long as possible before potentially launching a ransomware attack on your network, which can be business critical from the interruption to business activity and the high financial cost of regeneration of lost data, the restoration of damaged IT systems, and should it be paid, the high financial cost of the ransom.”
Naturally Spitfire has a vested interest here because they have their own internet and network security solutions to sell. But the map still makes for quite a useful visual example of the sort of background activity that most regular internet users will often be blissfully unaware is taking place, unless they’re closely monitoring their network and internet traffic on a daily basis.
https://github.com/telekom-security/tpotce