F5 Labs, in conjunction with our data partner Loryka, has been tracking “The Hunt for IoT” for two years. We have focused our hunt primarily around port 23 telnet brute force attacks—the “low-hanging fruit” method—as they are the simplest, most common way to compromise an IoT device. (Telnet was also the most prominent attack type when we started this research series.)

This report is the first in a bi-annual series that examines risks and attacks in the cloud native computing ecosystem. The next report will be released in the first half of 2019.

Unit 42 has discovered a persistent attack campaign operating primarily in the Middle East dating back to at least mid-2016 which we have named Magic Hound. This appears to be an attack campaign focused on espionage. We were able to collect over fifty samples of the tools used by the Magic Hound campaign using the AutoFocus threat intelligence tool. The earliest malware sample we were able to collect had a compile timestamp in May 2016. The samples themselves ranged from IRC bots, an open source Python remote access tool, malicious macros, and others. It is believed the use of specific tools may have coincided with specific attack waves by this adversary, with the most recent attacks using weaponized Microsoft Office documents with malicious macros. Due to the large amount of data collected, and limitations on attack telemetry, this blog will focus primarily on the most recent attacks occurring in the latter half of 2016.

The Russian invasion of Georgia was preceded by an intensive build up of cyberattacks attempting to disrupt, deface and bring down critical Georgian governmental and civilian online infrastructure. The campaign has been reported in the media, with wide coverage suggesting the campaign was a spontaneous outburst of popular feeling in Russia lead by independent hackers. However, as this report suggests, the offensive was too large, coordinated, and sophisticated to be the work of independent hackers; the evidence leads by-and large to the Russian Business Network (RBN) in St. Petersburg, Russia. Whilst only a criminal investigation can directly prove the involvement of the Kremlin, both experts and commentators have accused Moscow of sponsoring the attacks as their magnitude requires the involvement of the kind of resources only a state-sponsor can provide.

This report focuses on key metrics from the following verticals: 1) Education 2) Finance & Finance-related Businesses 3) Technology 4) Healthcare Additional data is provided that focuses on company size. In the following pages, we present specific data showing the types of attacks attempted on these networks and other key findings that we believe are of interest.

This Annual report discusses the events and changes in the cybersecurity landscape of 2017.

This e-book seeks to help you understand all of the many details necessary for succesful network management.

This report covers performance, security, and encryption essentials for online applications.

This is a technical guidance document provided by the US Government. It provides an aggregate of already existing Federal government and private industry best practices and mitigation strategies focused on the prevention and response to ransomware incidents.

This is the fourth annual presentation of the cybercrim threat landscape by Europol’s European Cybercrime Centre.

Have you ever wondered what 0 types of cyber attacks affect small to midsize businesses (SMBs) and distributed enterprises (DEs)? Well, you’ve come to the right place.

The Qadars Banking Trojan has been observed globally targeting well-known banks since 2013. The research in this white paper provides a detailed analysis of the banking trojan, discussing the obfuscation techniques, domain generation algorithm (DGA), communication protocols and data formatting, and social engineering techniques employed by the trojan.

This report discusess malware attacks and data from the year 2016 and makes predictions for 2017.

This is Akamai’s State of The Internet Security report from the fourth quarter of 2017

The Annual Cybersecurity Report highlights the relentless push-and-pull dynamic between cyber attackers and cyber defenders. It is intended to help organizations respond effectively to today’s rapidly evolving and sophisticated threats.

Gain insights into the nature and rationales of cyber threats international organizations and nonprofits face.

This report contains observations from DDoS attack attempts in Q2 2017 and Q3 2017, as well as comparisons against previous quarters. The data represents the frequency and sophistication of DDoS attacks that organizations face today.

This report is focussed on providing insights based on events in 2017.

This report takes a look back at 2017 and a look forward to 2018. It focuses specifically on malware attacks.

Contributors to this paper include security professionals, including the Security Intelligence Response Team (SIRT), the Threat Research Unit, Information Security, and the Custom Analytics group.

Subtitled “Cyber Attacks: Can the Market Respond?”