TTPwire Vol. 1 · MITRE ATT&CK·Tagged

F5 Labs

Cyber Threats Targeting Europe, Winter 2019

2020-03-13

ATT&CK techniques detected

5 predictions
T1046 Network Service Discovery
98%
“such as the Middle East, where 54% of attacking IP addresses uniquely targeted in-region systems. In Europe, these uniquely attacking IP addresses include the Swiss IP addresses that made up the top attacking IP address in the region. One IP address in particular focused on ab…”
T1046 Network Service Discovery
72%
“provider M247 Ltd., with IP addresses geographically located in Switzerland, launched the most attack traffic directed toward systems in Europe, characterized by aggressive port scanning. - Nine out of 10 of the top attacking IP addresses in Europe originated in Europe. The only …”
T1046 Network Service Discovery
64%
“…nc port 5900 with credential stuffing attacks on systems around the world. RM Engineering is new to our top threat actor network tracking as of June 2019, when the global campaign targeting RFB/VNC port 5900 began, unlike other ASNs such as OVH SAS and Hostkey B.V., which ha…”
T1090.002 External Proxy
54%
“‘Europe’ comprises most of the countries that geographically fall within what is commonly referred to as Europe. Turkey is included in our Middle East article. Russia, which falls within both Europe and Asia, is covered in a separate article, so this article does not reference …”
T1571 Non-Standard Port
33%
“traffic targeting SMB port 445 and RFB/VNC port 5900 was Telnet port 23, with SSH port 22 in fourth. These ports are commonly targeted because exploiting a vulnerability on any of these ports can give a malicious actor access to the entire system. Along with these top attacked …”

Summary

European systems saw large volumes of attack traffic coming from in-region IP addresses attempting to conduct abusive port scanning.