Emerging Threats

FortPot — attacks from the network

· frtg · 2 min read

We are pleased to announce the launch of the FORTPOT project, a component of our strategy that focuses on threat actors. We have decided to begin by examining the threats present on the Internet and what affects exposed systems. Botnets, automated scanning, brute-force attacks, exploits, and assessment activities are among the attacks observable when a system (such as a router, server, NAS, or video surveillance system) is exposed on a public Internet IP address.

With this post we also inaugurate a series of threat analyses based on the use of our Honeypot network, with nodes deployed across different geographic regions and Internet Service Providers.

What is a Honeypot?

A Honeypot is a decoy used to attract the attention of threat actors who, believing they have found a vulnerable system, proceed with a cyberattack and a series of post-compromise activities.

Analyzing attacker behavior during the Discovery, Exploitation, and Post-Exploitation phases gives analysts data of significant quantity and quality.

For further information: https://en.wikipedia.org/wiki/Honeypot

FORTPOT – Initial Findings

Our Honeypot infrastructure currently generates over 300 000 security events per day for each individual node.

The ThreatMap below highlights the primary attack sources over the last 48 hours. The majority of attacks consist of Brute Force attempts and SMB service exploits (DoublePulsar). Through Cyber Threat Intelligence collection and analysis, we track these patterns to identify emerging attack vectors and actor infrastructure.

Data collected in the coming weeks will be shared in detail under the new “FORTPOT” category.

Honeypot-based threat monitoring provides defenders with actionable intelligence on reconnaissance patterns, exploitation techniques, and post-compromise behavior observed across geographically distributed sensor networks.
