Tag: Network Tier
The Largest DDoS Attack of 2021 So Far The largest attack the SOC team encountered over the past 15 months came in February 2021 and targeted a technology company that provides information security services for gaming and gambling organizations. The onslaught peaked at 500 Gbps, or half a terabit per second. Threat actors, possibly disgruntled…
Read MoreA wide variety of organizations fall under financial services, including banks of varying sizes, credit unions, insurance companies, government-sponsored financial institutions, stock exchanges, investment funds, payment processors, consumer finance lenders, brokerages, and companies that service the financial sector. We’ll look at all of these and note the differences in the data, starting with the largest…
Read MoreCyberattack Incidents at Financial Services Companies Like payment processors, financial services companies are private companies that serve the financial sector by providing data processing for banks, credit unions, and other financial institutions. They can perform loan analyses, credit ratings, check printing, data storage, or analytics. Basically, they provide any outsourced service except payment processing (the…
Read MoreThe sector with the largest single attack in 2021, however, was ISP/Hosting, which saw attacks peak at 1.4 Tbps. Where DDoS Attacks Come From Denial-of-service attacks are most frequently launched from compromised servers or consumer devices, such as Internet-of-Thing (IoT) products and broadband routers. In producing this report, we made use of data not only…
Read MoreAugust Port Scan Data F5 Labs also analyzes data for TCP ports other than 80 and 443 from the Efflux network. The top 10 ports for August 2022 follow patterns we’ve been seeing for years, with port 5900 (VNC) topping the list, followed by a collection of ports used mainly for remote access (ssh, telnet,…
Read MoreThe two peaks appeared to be caused by the attackers targeting the company’s domain name, rather than a specific IP address. The customer uses a round robin DNS system with two IP addresses, each with a 90-second TTL (time-to-live). As the attackers’ DNS resolutions shifted with the round robin, for a brief period both IP…
Read MoreF5 Labs was honored to host two Howard University undergraduate students, Malaya Moon and Akosua Wordie, as part of a Summer Security Practicum program. These two students assisted F5 Labs staff with analyzing and classifying web sensor data, and they dived deep into attacks against South Africa from the first part of 2021. By doing…
Read MoreAlthough the attack scan traffic into the United States is in line with the proportion of the assigned IP addresses, most of the other countries are not. The extreme outlier that stands out is Malaysia, rising to second place in Q3 2021. Examining Attacks on Malaysia from China Since this is so unusual, we examined…
Read More
As we have done for prior DDoS Attack Trends reports, we recently analyzed attack data from the F5 Distributed Cloud DDoS Mitigation service to get a look at the DDoS traffic they handled for their customers in 2022. We continued our analysis by comparing 2022 data to that of 2021 and 2020. Some interesting trends…
Read MoreThe 2021 Application Protection report notes that ransomware was a factor in roughly 30 percent of U.S. breaches in 2020. Looking at the breach analyses, we found some of the most important controls were user account management, network segmentation, and data backup. We realize that implementing these controls can be difficult, so this article goes…
Read More