‘These attacks are extremely preventable and could potentially lead to disastrous interruption or financial losses,’ says UK security researcher

Nearly three quarters of cyber attacks across the UK in 2023 targeted technology for home-based working, new data from Coalition has revealed.

Published yesterday (18 December 2023), the figures showed that the cyber insurance provider’s UK honeypot sensors were attacked 17m times per day on average during the year.

And of the 5.8bn attacks during 2023, 74% targeted remote desktop protocol (RDP) – a technology that employees who work from home use to connect to Microsoft Windows computers remotely.

Coalition said attackers frequently target RDP because it grants them quick access to devices and allows them to execute further attacks.

“Nearly three quarters of recorded attacks in 2023 resulted from RDP, which is a scary thought for businesses since remote working is here to stay,” Coalition UK security researcher Dr Simon Bell said.

”These attacks are extremely preventable and could potentially lead to disastrous interruption or financial losses.

”To reduce these risks, we recommend immediately disabling the service if it is not in use or limiting access to only the employees who need it.”


According to Coalition, honeypots, which were traditional used by spies as an espionage technique, are digital assets that are made to look like legitimate devices, such as a network, but instead acts as a decoy to capture cyber criminals.

In its latest data, the insurance provider also found out what open vulnerabilities’ attackers were exploiting in its honeypots, such as F5 BIG-IP.

This is a mixture of software and hardware designed around application availability, access control and security solutions.

“Attackers will often target old vulnerabilities to exploit. This is partly due to the availability of public exploits for these vulnerabilities, giving hackers an available playbook for successfully executing an attack,” Bell said.

”This is also because attackers know organisations can be slow to patch their software, exposing their systems to these known vulnerabilities.”

Coalition further found that policyholders with just one unresolved vulnerability were 33% more likely to experience a claim and those that continued to use software that was no longer supported by the original developers were three times more likely to suffer from an incident.

”Attackers can take advantage of outdated software and easily accessible public exploits to attack such systems,” Bell warned.