Cyber-criminals start attacking servers newly set up online about an hour after they are switched on, suggests research.
The servers were part of an experiment the BBC asked a security company to carry out to judge the scale and calibre of cyber-attacks that firms face every day.
About 71 minutes after the servers were set up online, they were visited by automated attack tools that scanned them for weaknesses they could exploit, found security firm Cyber Reason.
Once the machines had been found by the bots, they were subjected to a “constant” assault by the attack tools.
The servers were accessible online for about 170 hours to form a cyber-attack sampling tool known as a honeypot, said Israel Barak, head of security at Cyber Reason. The servers were given real, public IP addresses and other identifying information that announced their presence online.
“We set out to map the automatic attack activity,” said Mr Barak.
To make them even more realistic, he said, each one was also configured to superficially resemble a legitimate server. Each one could accept requests for webpages, file transfers and secure networking.
After 21 hours, the first booby-trapped phishing email landed in the email inbox for the fake employees, said Mr Barak. It was followed by a steady trickle of messages that sought, in many different ways, to trick people into opening malicious attachments.