TTPwire Vol. 1 · MITRE ATT&CK·Tagged

F5 Labs

Cyberthreats Targeting Australia, Winter 2019

2020-04-02

ATT&CK techniques detected

6 predictions
T1046 Network Service Discovery · 99%
“abusive port scanning and malware uploads and focused on web application and web application database protocols. many of the ip addresses attacking australian systems during the winter of 2019 were focused on abusive port scanning activity. we continued to observe high levels of …”
T1046 Network Service Discovery · 96%
“distributed attacks over many ip addresses. rounding out the top 10 asns were those that often used more distributed ip addresses in order to conduct abusive port scanning, which is typically associated with network reconnaissance looking for vulnerabilities. top attacking ip add…”
T1190 Exploit Public-Facing Application · 83%
“cyberthreats targeting australia, winter 2019 f5 labs, in conjunction with our partner baffin bay networks, researches global attack traffic region to region to gain a deeper understanding of the cyberthreat landscape. aside from attack campaigns targeting the entire internet ( i…”
T1190 Exploit Public-Facing Application · 80%
“has been a top targeted port since the release of the eternalblue exploit in april 2017. we did not see this activity in the fall 2019 regional threat perspectives in australia, which can be attributed to our constantly evolving and growing sensor stack as we look at the current …”
T1071.001 Web Protocols · 78%
“web application protocols and web application database protocols. we believe these ports were targeted because exploiting a vulnerability on these ports could give a malicious actor access to the entire system. - during the winter of 2019, australia was the only region in the wor…”
T1046 Network Service Discovery · 77%
“##vh sas hosted 15 singaporean ip addresses that conducted abusive port scanning and web application and web application database targeting. hostkey b. v., another hosting provider, was in second position and was seen in attack traffic around the world. the ip addresses this asn …”

Summary

The Australian threat landscape closely mirrored the threats we observed in Asia, with an added focus on NetBIOS port 139.