The State of Internet Cyber Threats in 2024

In 2024, three OpenCanary honeypots were strategically deployed with open ports exposed to the internet, acting as digital traps to monitor real-world cyber attack patterns. These ports were relentlessly scanned—an average of 2,500 times per hour—offering a data-driven snapshot of the most targeted services and attack methodologies.

The results are alarming: Over 69 million unauthorized access attempts were recorded, pinpointing the most exploited protocols and attacker objectives. The top targets included RDP, MSSQL, SSH, VNC, Telnet, SMB, REDIS, FTP, HTTP, Synology, and Proxy, with attacks falling into three distinct categories:

Key Findings: How Attackers Target Open Services

🔹 Take Control of Systems (49 million attempts)
Attackers attempted to seize control of the honeypots, aiming to deploy malware, hijack resources for botnets, or establish persistent access for deeper infiltration.

🔹 Steal Sensitive Data (19 million attempts)
A significant portion of attacks focused on database services, attempting to extract credentials, financial records, and proprietary information.

🔹 Compromise File Systems (1.5 million attempts)
Threat actors tried to infiltrate the host’s filesystem, dropping thousands of malicious files to execute remote commands or embed persistent backdoors.

Unveiling the Full Picture: Download the Report

This dataset—spanning 69 million attack logs—provides granular insights into:
✔ Top originating attack sources by IP and region
✔ Most frequently used brute-force passwords and credentials
✔ Trends in cyberattack automation and botnet behavior

Understanding these patterns is critical for hardening exposed services and preventing unauthorized access.

📩 Get the Full Report – Contact us for deeper analysis and cybersecurity best practices.