TTPwire Vol. 1 · MITRE ATT&CK·Tagged


F5 Labs

Regional Threat Perspectives: United States

2019-05-02

ATT&CK techniques detected

5 predictions
T1190 Exploit Public-Facing Application
39%
“, followed by HTTP port 80, the web traffic standard. SSH and HTTP are typically the top attacked ports globally and indicate run-of-the-mill attacks looking for vulnerabilities in which to gain access to web applications. Such a large spike in port 445 attacks is an anomal…”
T1046 Network Service Discovery
36%
“, followed by HTTP port 80, the web traffic standard. SSH and HTTP are typically the top attacked ports globally and indicate run-of-the-mill attacks looking for vulnerabilities in which to gain access to web applications. Such a large spike in port 445 attacks is an anomal…”
T1071.001 Web Protocols
35%
“, PT Telekomunikasi (Indonesia), and Chinanet (China). - The majority of networks attacking US systems were not seen attacking Canadian, European, or Australian networks during the same period. The consistency in attacks across all regions came from state-sponsored networks…”
T1190 Exploit Public-Facing Application
34%
“) or vulnerability management. Web applications taking traffic on port 80 should be protected with a web application firewall, be continually scanned for web application vulnerabilities, and prioritized for vulnerability management, including but not limited to bug fixes and patc…”
T1110 Brute Force
32%
“) or vulnerability management. Web applications taking traffic on port 80 should be protected with a web application firewall, be continually scanned for web application vulnerabilities, and prioritized for vulnerability management, including but not limited to bug fixes and patc…”

Summary

Attackers using IP addresses in Vietnam, China, and Russia focused on attacking applications over Samba, SSH, and HTTP.