Company Shares New Cyber Threat Insights and Analysis from Security Labs, its Centre for Research and Development
Technology for home-based working targeted in 74% of attacks
LONDON – 18 December 2023 – Coalition, the world’s first Active Insurance provider designed to prevent digital risk before it strikes, today released new data that showed that, in 2023, the company’s United Kingdom honeypots (sensors) were attacked, on average, over 17 million times per day stemming from over one million unique threat actors.
Of the 5.8 billion attacks on its UK honeypots in 2023, 74% targeted Remote Desktop Protocol (RDP), a technology that employees who work from home use to connect to Microsoft Windows computers remotely. Attackers most frequently target RDP because it grants them relatively quick and easy access to devices, allowing them to execute further attacks, including accessing sensitive information, installing malware, and deploying ransomware.
Coalition UK security researcher Dr Simon Bell commented: “Nearly three-quarters of recorded attacks in 2023 resulted from RDP, which is a scary thought for businesses since remote working is here to stay. These attacks are extremely preventable and could potentially lead to disastrous interruption or financial losses. To reduce these risks, we recommend immediately disabling the service if it is not in use or limiting access to only the employees who need it.”
Coalition’s Security Labs team also observed attackers frequently exploiting open vulnerabilities in its honeypots. The most popular Common Vulnerabilities & Exposures (CVEs) that attackers attempted to exploit were identified pre-2023, including two vulnerabilities that impact F5 BIG-IP, a family of products covering software and hardware designed around application availability, access control, and security solutions.
Bell added: “Attackers will often target old vulnerabilities to exploit. This is partly due to the availability of public exploits for these vulnerabilities, giving hackers an available playbook for successfully executing an attack. This is also because attackers know organisations can be slow to patch their software, exposing their systems to these known vulnerabilities. Attackers can then take advantage of outdated software and easily accessible public exploits to attack such systems.
“In fact, Coalition found that policyholders with even one unresolved critical vulnerability were 33% more likely to experience a claim. We also discovered that policyholders who continued to use end-of-life software—products no longer supported by their original developers—were three times more likely to suffer from an incident.”
Coalition is the world’s first Active Insurance provider designed to help prevent digital risk before it strikes. By combining comprehensive insurance coverage and cybersecurity tools, Coalition helps businesses manage and mitigate digital risks. Coalition offers its Active Insurance products in the U.S., U.K., Canada, and Australia through relationships with leading global insurers, as well as cyber capacity through its own carrier, Coalition Insurance Company. Coalition’s Active Risk Platform provides automated security alerts, threat intelligence, expert guidance, and cybersecurity tools to help businesses worldwide remain resilient against cyber attacks. Headquartered in San Francisco, Coalition is a distributed company with a global workforce that collaborates digitally and in office hubs.