Tag: Services Tier
Email Headers An excellent source of internal configuration information can be gleaned from email headers. Attackers can simply fire off a few email inquiries to folks at an organization and see what they can find. Here’s a typical email header using our example company, Boring Aeroplanes, from our phishing example. Note both internal and…
Read MoreSome startups see security as a nice-to-have that can be added months or years after launch. The smart ones realize that dependable security from the beginning means solid performance, satisfied customers, and no precious startup dollars wasted on fraud or incidents. F5 Labs decided to peek under the hood of one of these smart startups: Wanderlust…
Read MoreWe also analyzed the primary root causes of the breaches, how that varied in breach remediation costs by industry, and the impact of these breaches on each data type breached on the global scale. The purpose of our analysis was to identify where organizations are most likely to be attacked in a way that…
Read MoreOn Dec 8, 2017, 4iQ reported the discovery of a database on the dark web containing 1.4 billion credentials—in clear text.1 The fine writers of the aforementioned article note that they’ve “tested a subset of these passwords and most of them have been verified to be true.” 1.4 billion. A standard calculator (like the one…
Read MoreF5 threat researchers have discovered a new Apache Struts campaign. This new campaign is a sophisticated multi-staged attack targeting internal networks with the NSA-attributed EternalBlue and EternalSynergy exploits. We have dubbed the campaign “Zealot” based on the name of the zip file containing the python scripts with the NSA-attributed exploits. As we continue to research…
Read MoreAnything we put online must swim in a sea of enemies. The F5 Labs report, Lessons Learned from a Decade of Data Breaches, revealed that an average breach leaked 35 million records. Nearly 90% of the US population’s social security numbers have been breached to cyber criminals. When confronted by staggering statistics like these, it is…
Read MoreFigure 2: Alternative C&C server address hosted on Pastebin.com One of the challenges that adversaries need to deal with is how to maintain a sustainable C&C infrastructure without being quickly denylisted by enterprise security solutions, or being frequently shut down by ISPs and hosting services following law enforcement and security vendors’ abuse reports. Many…
Read MoreSure, the C&C list is a small sample size, and C&C hosts come and go quickly. This list is in no way exhaustive—it’s just a snapshot in time from last quarter. But for a breakdown of the domain hosting services, see the end of this article. “Yes, I really am a C&C server.” A…
Read MoreWe’re celebrating our one-year anniversary here at F5 Labs, the application threat intelligence division of F5! Although F5 researchers have been providing threat-related, F5-specific guidance to our customers for many years through DevCentral, the time was right a year ago today to launch a dedicated website that provides the general public with vendor-neutral, application-focused, actionable…
Read MoreEvery day, your web servers are increasingly being scanned—and likely attacked—by adversaries attempting to gain access to your infrastructure. Between 2015 and 2017, our data partner, Loryka, observed these types of scans grow from 200 per minute to as much as 2,000 per minute. These kinds of attackers are professionals; they do this for a…
Read More