Spitfire launches live cyber attack map after 71,793 probes

Spitfire Network Services has launched a live cyber attack map.

The tracker recorded 71,793 attack attempts against a single public IP address over the past 24 hours.

Based on a honeypot system exposed to the internet, the map is intended to show the volume of automated attacks directed at publicly accessible addresses. Spitfire has made the tracker publicly available after first developing it for internal use.

According to figures published by Spitfire, the system logged 1,978 attacks an hour and 27 attacks a minute over the period measured. The attacks are also broken down by location, although apparent origin points may not reflect the true location of those behind them because temporary virtual machines can be used to disguise activity.

Attack volume

The figures offer a snapshot of how frequently internet-facing infrastructure is scanned and tested by automated tools. Honeypots are commonly used in cyber security to attract suspicious traffic and observe attack patterns without exposing production systems.

Harry Bowlby, Managing Director of Spitfire Network Services, said the decision to publish the tool was intended to make that activity more visible. “We originally developed this tracker internally, but we felt now was the right time to make it public so people can see just how active cyber attackers really are.

“The volume of attacks is startling. Every organisation with a public-facing IP address is constantly being probed by automated tools searching for vulnerabilities. Business leaders need to understand that exposure to the internet means being targeted.”

Business risk

The map is designed to highlight the risks attached to publicly exposed devices and services. Spitfire argues that once attackers gain access to one device, they may try to move through a wider network and remain undetected before launching a more damaging attack.

“The risk to any organisation could quite literally upend their business. Once an attacker has access to a single device on a network, they can use that to infiltrate other devices.

“In the worst-case scenario, malicious actors may ensure the vulnerability remains unnoticed for as long as possible before potentially launching a ransomware attack. That can be business-critical because of the interruption to operations, the cost of recovering lost data, restoring damaged IT systems and, if paid, the cost of the ransom itself.

“This is a major reason why the secure private networking across fixed line, mobile and cloud offered by Spitfire’s One Network is such an industry-leading solution for businesses,” Bowlby said.

The company provides voice, internet, internet of things and wide area connectivity services. It added that attacks shown on the map appear in large part to originate from the US, while cautioning that attackers may be masking their real location.

Spitfire has operated from central London for 35 years. The business says it has annual turnover of more than GBP £23 million and employs more than 100 staff.