The BBC finally validated what security teams around the world have been saying for a couple of years – home user machine security counts too. In a recent test by the BBC news team, they used a honeypot to emulate a home user system with a high-speed connection. What they found is likely not surprising to security folks, but it is likely eye opening to the common user and management.
The BBC team set up the honeypot repeatedly over a 24 hour period. During that time, the PC was attacked 53 times from the Internet! The breakdown of the attacks they identified were as follows:
1 attempted buffer overflow
2 port scans
14 worm attacks
36 RPC-type attempts to Trojan the machine
This goes right along with the effects MSI has observed when we have done the same thing with our honeypots. These are real numbers, and in some cases, may even be low. Our common attacks from exposed honeypot systems often show higher levels of attack than this, and include hundreds of spam email probes, repeated worm assaults against web systems, scans for bad PHP and Horde Framework files and all sorts of other noise.
The reality is that attackers and automated assaults like Bots, Trojans and worms have made even the home user network neighborhoods dangerous places to hang out. Without the proper safeguards and security mechanisms, home user systems are in serious danger. Attackers will plunder them for identity data, leverage them to gain access to corporate environments and turn them into components of ever-increasing Bot-nets. Until home users begin to make better security decisions, vendors begin to integrate deeper security into their computing products and consumers begin to care about security in the way they spend their currency, it is very likely that home systems will remain little more than sitting ducks.