London cyber decoys attacked 91m times in a month

Computers specially configured to make cyber criminals think they were small businesses operating in London were attacked by hackers over 2,000 times every minute this January. The computers – called honeypots – were operated by cyber insurer Coalition as part of an exercise to assess the volume of cyber attacks directed against businesses in the capital.

The data is being supplied to the Cyber Resilience Centre for London, a police-led, not-for-profit organisation working in partnership with the Mayor of London’s Office for Policing and Crime.
Data from the honeypots showed that over the course of 28 days in January, the devices were attacked 91m times by over 101,000 different hackers.

Russia was the single largest source of attacks followed by Bulgaria, Monaco and Panama. However, Coalition’s experts pointed out that many cyber criminals hide their location by mounting attacks using virtual private networks routed through other countries.

Of the 91m attacks recorded, 77m were attempts to hack into remote desktop connections used by employees working out of office. Dr Simon Bell, Coalition’s UK security researcher, said: “These results show just how much home working has widened businesses’ attack surface – the number of internet connections and vulnerabilities that hackers can exploit. 85% of attacks we saw were attempts to gain unauthorised access to these remote connections.”

Coalition, which launched in the UK in September last year and offers cyber security and insurance, runs a global network of honeypots. Bell said: “We use honeypots to learn about threat actors and their methods. It’s a little like using decoy car to attract car thieves. Once the attack happens, we can see what vulnerabilities the cyber criminal is looking for and how they try to exploit them. In this exercise, our honeypots were given IP addresses that identified as physical data centres in London.”

Simon Newman, CEO of the Cyber Resilience Centre for London, added: “The data supplied by Coalition is incredibly valuable to us as we get real-time insights into the threat landscape of the City, and the latest trends and techniques being deployed by cyber criminals. This allows us to tailor up-to-date guidance for our membership base of SMEs, which make up 99.8% of businesses across the capital. It also helps to illustrate the scale of the threat facing the business community, which in turn supports access to funding and partnerships that allows us to continue our important work.”

    Share Story:


Deborah Ritchie speaks to Chief Inspector Tracy Mortimer of the Specialist Operations Planning Unit in Greater Manchester Police's Civil Contingencies and Resilience Unit; Inspector Darren Spurgeon, AtHoc lead at Greater Manchester Police; and Chris Ullah, Solutions Expert at BlackBerry AtHoc, and himself a former Police Superintendent. For more information click here

Modelling and measuring transition and physical risks
CIR's editor, Deborah Ritchie speaks with Giorgio Baldasarri, global head of the Analytical Innovation & Development Group at S&P Global Market Intelligence; and James McMahon, CEO of The Climate Service, a S&P Global company. April 2023