TTPwire Vol. 1 · MITRE ATT&CK·Tagged


F5 Labs

Regional Threat Perspectives: Australia

2019-04-24

ATT&CK techniques detected

4 predictions
T1190 Exploit Public-Facing Application
94%
“the leaked nsa/cia exploit in 2017; and http port 80, the web traffic standard. these targeted ports indicate run-of-the-mill attacks looking for access to web applications. figure 8: top 20 attacked ports and services conclusion organizations should continually run ext…”
T1071.001 Web Protocols
54%
“regional threat perspectives: australia f5 labs, in conjunction with our partner baffin bay networks, researched attacks by geographic region to get a better understanding of the threat landscape region to region. we sought to understand if the global attack landscape was consis…”
T1584.005 Botnet
46%
“were seen consistently attacking systems across the entire world. the following 19 networks exclusively targeted australian systems, most of which were hosting companies: figure 5: networks targeting australian systems not seen targeting other regions top attacking ip addresses…”
T1584.008 Network Devices
32%
“lists globally. figure 3: top 25 attacking asns by attack count the table in figure 4 shows the top 50 asns attacking australia from dec 1, 2018 to march 1, 2019 in order of highest to lowest number of attacks. interestingly, these top 50 networks were split fifty-fifty betwee…”

Summary

Attackers using IP addresses in China, the United States, and the Netherlands focus on attacking applications over SSH, SMB and HTTP.