TTPwire Vol. 1 · MITRE ATT&CK·Tagged

F5 Labs

Recent Cyberattacks: 2020 Application Protection Report, Vol. 3

2020-12-16

ATT&CK techniques detected

4 predictions
T1071.001 Web Protocols
66%
"with only six or seven targets across thousands of connections, whereas the red bars show an ip address with more than 800 targets. the implication is that some threat actors have already selected their tactics and tools and know exactly what they’re looking for, while some are…"
T1071.001 Web Protocols
55%
". figure 7 shows that even when we just looked at the top 1% of ip addresses and targets, we found essentially no pattern. figure 7. comparison of ip address and target prevalence for the top 1% of both variables. even for the most common targets and actors, we found no relatio…"
T1071.001 Web Protocols
53%
"the median number of instances was one. the single most frequently seen ip address made up 2% of total traffic, and the most frequently seen target path, the web root /, made up just under 20% of total traffic (see figure 1). figure 1. the distribution of traffic by target pa…"
T1588.006 Vulnerabilities
35%
"israel, followed by the united states, russia, and india (see figure 3). the target paths in the data show no particular association with israeli systems or organizations, so we can only speculate as to the reason behind this geographical (or geopolitical) targeting. figure 3…"

Summary

Cyberattacks in Q3 2020 targeted WordPress and other content management systems, IoT devices, and the State of Israel.