Analysis of cyber-attacks in some geopolitically exposed countries in Europe
Boštjan Špehonja
GEA College – Faculty of Entrepreneurship,
Slovenia
Ajda Fošner
GEA College – Faculty of Entrepreneurship,
Slovenia
ajda.fosner@gea-college.si
Robert Brumnik
GEA College – Faculty of Entrepreneurship,
Slovenia
Abstract
The goal of the research was to determine, analyse and compare the type and number of cyber-attacks in four chosen countries: Germany, the United Kingdom, Serbia, and Slovenia. We set up a honeypot server in each of the four countries and installed a fifth server in Germany for managing and collecting data from the honeypots. Each of the four honeypot servers had an identical setup of six sensors: a secure shell sensor, a file transfer protocol sensor, a vulnerable website sensor, a server message block sensor, a point-to-point tunnelling protocol sensor, and a structured query language (SQL) sensor for working with databases. Data collection lasted for 12 days in February 2021, during which we detected a total of 1.847.395 attacks. The server in the United Kingdom captured 31,53% of the overall traffic, the server in Germany 23,26%, the server in Serbia 22,71%, and the server in Slovenia 22,50%. After exporting all unique IP addresses from all four servers, we found a significant 12,89% overlap of IP addresses attacking both the Slovenian server and at least one of the other servers. Moreover, we analysed 124 unique samples of malicious code uploaded to the Slovenian server; all of them had been identified before our data capture, confirming that no zero-day vulnerabilities were caught on the Slovenian server.
Keywords: cybersecurity; cyber-attacks; honeypot; Germany; the United Kingdom; Serbia; Slovenia
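The two headline metrics in the abstract (each server's share of overall traffic, and the overlap of source IPs between the Slovenian server and the others) can be computed from per-server exports as in the following added example, which is not code from the paper. The `server ip` line format, the server labels, the sample events, and the choice to express overlap as a share of the reference server's unique IPs are all assumptions.

```python
import ipaddress
from collections import Counter

# Constructed sample events, one "server source-ip" pair per line.
# Addresses are from documentation ranges; none come from the study.
EVENTS = """\
DE 192.0.2.10
DE 192.0.2.10
DE 198.51.100.7
UK 192.0.2.10
UK 203.0.113.5
UK 203.0.113.5
UK ::ffff:203.0.113.9
RS 198.51.100.7
RS 203.0.113.77
SI 192.0.2.10
SI 203.0.113.9
SI 203.0.113.200
SI not-an-ip
"""

def normalise(raw):
    """Return a canonical address string, or None if the field is not an IP."""
    try:
        ip = ipaddress.ip_address(raw.strip())
    except ValueError:
        return None
    # Fold IPv4-mapped IPv6 (::ffff:a.b.c.d) onto IPv4 so one source is not counted twice.
    if ip.version == 6 and ip.ipv4_mapped:
        ip = ip.ipv4_mapped
    return str(ip)

def analyse(text, reference="SI"):
    """Return (traffic share % per server, shared IPs, overlap % of reference IPs)."""
    hits, sources = Counter(), {}
    for line in text.splitlines():
        parts = line.split()
        ip = normalise(parts[1]) if len(parts) == 2 else None
        if ip is None:
            continue  # malformed export rows are skipped, not counted as attacks
        hits[parts[0]] += 1
        sources.setdefault(parts[0], set()).add(ip)
    total = sum(hits.values())
    share = {s: round(100 * n / total, 2) for s, n in hits.items()}
    others = set().union(*(ips for s, ips in sources.items() if s != reference))
    ref = sources.get(reference, set())
    shared = ref & others
    overlap = round(100 * len(shared) / len(ref), 2) if ref else 0.0
    return share, sorted(shared), overlap
```

Normalising addresses before building the sets matters: without it, the IPv4-mapped entry seen by the UK server would not match the plain IPv4 entry on the Slovenian server and the overlap would be understated.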