Sensor Intel Series: Top CVEs in August 2022 | F5 Labs
- by nlqip
August Port Scan Data
F5 Labs also analyzes data for TCP ports other than 80 and 443 from the Efflux network. The top 10 ports for August 2022 follow patterns we’ve been seeing for years, with port 5900 (VNC) topping the list, followed by a collection of ports used mainly for remote access (ssh, telnet, ftp, RDP) and some database and mail related ports as well. This month, SMB dropped out of the top ten (but was still at #13) and POP3 made an appearance, up from #16 the month prior.
Port | % of total connections | Typical Application |
5900 | 26.1% | VNC |
3306 | 15.1% | Mysql/MariaDB |
23 | 13.2% | Telnet |
80 | 10.3% | HTTP |
21 | 10.0% | FTP |
22 | 6.9% | SSH |
443 | 4.3% | HTTPS/TLS |
110 | 3.1% | POP3 |
1080 | 2.0% | SOCKS Proxy |
3389 | 1.0% | RDP |
Table 2. Port targeting data for August 2022.
Conclusions
Many of the trends that this scanning traffic represents are unsurprising. Attackers’ emphasis on remote code execution vulnerabilities, for instance, is predictable given the options that a successful exploit provides them. The continuing interest in IoT vulnerabilities means that we should echo the prediction we made about July attacker trends, which is that attackers are building up infrastructure for future DDoS attacks.
Finally, an examination of Figure 2 makes it clear that attacker interest is dynamic and unpredictable. There are too many variables at play, many of them hidden from view, for us to be able to predict with any confidence that a given vulnerability will become popular. The surge in scanning for CVE-2020-8958 is a great example: both in terms of rank and traffic volume, it was insignificant until it spiked in July. In the absence of any way to make specific predictions, timely reporting of observed events is probably as good as we are going to get. And with that slightly self-serving observation, we’ll sign off until next month.
Source link
lol
August Port Scan Data F5 Labs also analyzes data for TCP ports other than 80 and 443 from the Efflux network. The top 10 ports for August 2022 follow patterns we’ve been seeing for years, with port 5900 (VNC) topping the list, followed by a collection of ports used mainly for remote access (ssh, telnet,…
Recent Posts
- Arm To Seek Retrial In Qualcomm Case After Mixed Verdict
- Jury Sides With Qualcomm Over Arm In Case Related To Snapdragon X PC Chips
- Equinix Makes Dell AI Factory With Nvidia Available Through Partners
- AMD’s EPYC CPU Boss Seeks To Push Into SMB, Midmarket With Partners
- Fortinet Releases Security Updates for FortiManager | CISA