TTPwire Vol. 1 · MITRE ATT&CK·Tagged

F5 Labs

Cyber Threats Targeting Middle East, Winter 2019

2020-03-11

ATT&CK techniques detected

7 predictions
T1046 Network Service Discovery (98%)
“…fourth position for attacking Middle Eastern systems during this time period. Top attacking IP addresses: out of the top IP addresses attacking Middle Eastern systems, 54% only targeted systems in the region. Though we saw a large amount of malicious SMB port 445 activity, we als…”

T1071.001 Web Protocols (61%)
“…again due to the global RFB/VNC port 5900 attack campaign. When zooming in on the Middle East, one of the most notable findings is the large amount of traffic coming from IP addresses assigned in China, along with a significant amount of traffic coming from other Asian countrie…”

T1071.001 Web Protocols (52%)
“Cyber Threats Targeting Middle East, Winter 2019. F5 Labs, in conjunction with our partner Baffin Bay Networks, researches global attack traffic region to region to gain a deeper understanding of the cyber threat landscape. Aside from attack campaigns targeting the entire Internet…”

T1584.005 Botnet (48%)
“Both of these ports were the top attacked ports during fall 2019 as well, showing the trend continuing into the winter months. HTTP port 80 and HTTPS port 443 follow SSH and SMB as the third and fourth most attacked ports, respectively. The fifth most attacked port, RFB/VNC 590…”

T1046 Network Service Discovery (44%)
“…, is the hosting ASN for the only two Italian IP addresses launching port scanning and credential stuffing attacks on RFB/VNC port 5900 toward Middle Eastern systems. This was a large portion of the traffic. Notably different from Asia and the rest of the world’s threat lands…”

T1078.001 Default Accounts (38%)
“…external access (like HTTP and SSH). - Never expose internal databases publicly and restrict access to internal data on a need-to-know basis. - For remote administration, migrate from Telnet to SSH and implement brute force restrictions. Disable vendor default credentials o…”

T1046 Network Service Discovery (34%)
“…specific IP addresses, with one IP address representing the traffic attributed to IP addresses sourced in Vietnam, and six IP addresses making up the attack traffic geographically located in China, five specifically in Hong Kong. The other countries in the top 10 were all seen at…”

Summary

Attackers used two top ASNs to broadly distribute IP addresses in an attempt to camouflage attack traffic targeting Middle Eastern systems.