Tag: Web Application Attacks
The IcedID malware, also known as Bokbot, is a banking trojan first discovered in 2017 that steals credentials by tricking browser functions into redirecting traffic. It is a stealthy, fileless malware with anti-sandbox capabilities. Previously, F5 Labs analyzed IcedID decompression methods for web injecting relevant files into a target list. This is a much deeper…
Read More
APIs and Sectors As more APIs are published, both by large enterprises who want to make their data more available (such as Google) and by smaller, industry-specific organizations hoping to generate value, some interesting industry patterns are also emerging. Of the organizations for which we had sector information, social networking organizations made up the largest…
Read MoreSo How Good Are Sectors for Predicting Risk? Based on these analyses, it appears that the answer is “not bad, but it depends.” On one hand, we can identify specific patterns that seem to map to characteristics about those sectors. We already knew that the Retail Trade sector is heavily targeted by attacks that are…
Read MoreF5 Labs in collaboration with Effluxio researches global attack traffic to gain a better understanding of the cyberthreat landscape. In this installment of regional threat analysis, F5 Labs researchers break down the data collected by our sensors on attacks targeting Latin America from January 1 through March 31, 2021. Cyberattacks happen in many forms, but…
Read MoreCredential stuffing sounds simple: attackers test stolen usernames and passwords across sites to see what works. After the hype and complexity of vulnerabilities like Heartbleed and Spectre, password reuse seems easy to dismiss. This has caused credential stuffing to become the most underrated attack of the 2010s and it hints at the future of application…
Read MoreA wide variety of organizations fall under financial services, including banks of varying sizes, credit unions, insurance companies, government-sponsored financial institutions, stock exchanges, investment funds, payment processors, consumer finance lenders, brokerages, and companies that service the financial sector. We’ll look at all of these and note the differences in the data, starting with the largest…
Read MoreCyberattack Incidents at Financial Services Companies Like payment processors, financial services companies are private companies that serve the financial sector by providing data processing for banks, credit unions, and other financial institutions. They can perform loan analyses, credit ratings, check printing, data storage, or analytics. Basically, they provide any outsourced service except payment processing (the…
Read MoreAttackers are always on the lookout to compromise digital identities. A successful account takeover allows a cybercriminal to impersonate a genuine user for monetization purposes. Enterprises large and small have utilized various means to secure someone’s digital identity, and credentials are the starting point. F5 Labs 2021 Credential Stuffing Report indicates that 1.8 billion credential…
Read MoreAugust Port Scan Data F5 Labs also analyzes data for TCP ports other than 80 and 443 from the Efflux network. The top 10 ports for August 2022 follow patterns we’ve been seeing for years, with port 5900 (VNC) topping the list, followed by a collection of ports used mainly for remote access (ssh, telnet,…
Read MoreThe title of this report is not a typo. “The State of the State of Application Exploits in Security Incidents” is a meta-analysis of several prominent industry reports, each of which covers the state of application security, hence the name, “the state of the state of.” This report is both an attempt to stitch together…
Read More