Canary, Hits?

Starting with the big numbers, the three OpenCanary instances have seen nearly 5.5 million events in the past 30 days. Almost 3.5 million of those events were attempts to log into the boxes and take them over.

Overall, the events were heavily focused on certain protocols – the aim being to pwn the machine or to steal data from the machine.

Geographical location seems to attract different attacks and different volumes of events. The instance on the US West coast seems to be very popular…!

What’s clear is that each OpenCanary instance is being attacked in many different ways; the US-West instance was subjected to almost all RDP connection attacks; the Swiss instance was hit with 50% of the VNC connection attempts.

What is also clear is MS SQL > REDIS and MySQL; perhaps attackers have found that MS SQL databases open to the Internet are common and usually provide some corporate data….