TTPwire Vol. 1 · MITRE ATT&CK · Tagged

F5 Labs

Regional Threat Perspectives, Fall 2019: Australia

2019-12-12

ATT&CK techniques detected

4 predictions
T1071.001 Web Protocols
74%
"actors intentionally disguising their activities. figure 2. top 20 source traffic countries (on a normalized scale) of attacks targeting systems in australia, august through october 2019. top attacking organizations (asns) systems in ovh sas, a hosting provider offering dedic…"
T1071.001 Web Protocols
67%
"in australia, followed by ip addresses assigned in moldova, russia, italy and the netherlands. traffic from ip addresses assigned in these five countries account for over a half (55%) of malicious traffic seen targeting australian systems during this time period. ip addresses …"
T1071.001 Web Protocols
53%
"accounts for a relatively small portion of all malicious traffic, there were two australian ip addresses appearing in the top 50 attacking ip addresses in position 36, and position 43. these two ip addresses account for 57.66% of all malicious traffic originating from australia…"
T1071.001 Web Protocols
32%
"and continued through october 31, 2019. we have opened up a public threat hunting investigation on twitter to uncover what is going on with these attacks and will be looking to share our findings and ask questions soon. for now, join the conversation on twitter. for a complete li…"

Summary

Attackers probed Australian applications for vulnerabilities on the most commonly used ports, and credential stuffing attacks were prevalent.