Tag: Protocol Abuse
Attack Types of Top Attacking IP Addresses Many of the IP addresses attacking American systems during the winter of 2019 were involved with abusive port scanning activity. As noted in the Top Target Ports section, Microsoft SMB port 445 was the highest targeted port. We continue to observe high levels of attack traffic pointed toward…
Read MoreF5 Labs, in conjunction with our partner Baffin Bay Networks, researches global attack traffic region to region to gain a deeper understanding of the cyberthreat landscape. Aside from attack campaigns targeting the entire Internet (IPv4 address space), the attack landscape varies regionally in terms of sources, targets, and attack types. In addition, targeted ports expose…
Read MoreMirai is an IoT botnet (or thingbot) that F5 has discussed since 2016. It infamously took down large sections of the Internet in late 2016 and has remained active ever since. Its source code was released online in September 2016, allowing unskilled attackers to create a malicious botnet with relative ease. Mirai continues to target…
Read MoreEditor’s Note: F5 Labs is a threat research and analysis team within F5 Networks. As a relatively small team of researchers, evangelists, and writers who produce vendor-neutral threat-related content, we look forward every summer to the opportunity to bring in a college intern to help us with special research and data analysis projects. In the…
Read MoreThe sight of empty supermarket shelves during the COVID-19 pandemic brought home the fragility of our food supply chain. We can all see the importance of ensuring the security of the farming and agriculture industry. However, farming is becoming increasingly automated. This means new cybersecurity risks are emerging to stand alongside traditional risks like the…
Read MoreOn Tuesday, December 8th, 2020, FireEye, a leading cybersecurity firm used by governments and companies for penetration testing and forensic services announced that it had been the target of an attack by nation-state actors “with top-tier offensive capabilities,” and that a suite of tools used by FireEye for penetration testing had been stolen. What do…
Read MoreAccounting for the slight dip in 2019, password login attacks account for 32% of all reported SIRT incidents over the past three years. We also saw how they jumped in 2020, so we did a deeper dive into how these kinds of cyberattacks ramped up during the pandemic. Credential Stuffing Attacks at Financial Services Organizations…
Read MoreF5 Labs in collaboration with Effluxio researches global attack traffic to gain a better understanding of the cyberthreat landscape. In this installment of regional threat analysis, F5 Labs researchers break down the data collected by our sensors on attacks targeting Latin America from January 1 through March 31, 2021. Cyberattacks happen in many forms, but…
Read MoreThe Largest DDoS Attack of 2021 So Far The largest attack the SOC team encountered over the past 15 months came in February 2021 and targeted a technology company that provides information security services for gaming and gambling organizations. The onslaught peaked at 500 Gbps, or half a terabit per second. Threat actors, possibly disgruntled…
Read MoreA wide variety of organizations fall under financial services, including banks of varying sizes, credit unions, insurance companies, government-sponsored financial institutions, stock exchanges, investment funds, payment processors, consumer finance lenders, brokerages, and companies that service the financial sector. We’ll look at all of these and note the differences in the data, starting with the largest…
Read More