Discover malicious IPs and domains with Akamai Guardicore Segmentation
This chart lists the top ten attacking IP addresses observed by GuardiCore sensors around the world.
The attackers coming from these IPs use penetration techniques such as brute force password guessing and exploiting known and unknown (zero day) vulnerabilities. Once the machine has been compromised, these attackers execute a wide range of attack tools to establish their control over the victim machine and attempt to further propagate across the network.
This table lists the top malicious domains attackers currently use. Attackers use domains rather than hard coding IP addresses to allow them to constantly shift infrastructure. These domains usually serve as file servers to download post-breach tools, C&C servers to control the different attack tools, and logging servers to send data from the victim machines.
This table lists the top IPs attackers connect to after breaching a server. These machines usually serve as file servers to download post-breach tools (e.g. Remote Administration Tools (RATs), network and vulnerability scanners, exploit kits and cryptocurrency mining tools), C&C servers to control the different attack tools, and logging servers to receive data sent from the victim machines.
This chart lists the most active scanners. Scanners are machines that access one or more services across one or more subnets monitored by GuardiCore sensors without performing attacks. The attackers run scanners to locate vulnerable services that can fit their exploitation methods (e.g. bad configuration, out-of-date software).
This chart shows the percentage of human-operated attacks within the overall attacks. Attacks operated by humans (as opposed to automated attack scripts) may suggest an insider threat or a more skillful external actor. These attackers don't usually aim for crypto mining, traffic monetization or DDoS botnet creation. Instead, once access has been gained, they try to move laterally across the organization to steal confidential information, shut down activity for long periods of time, and so on.
A botnet is a network of computers infected with malicious software (malware) and controlled by an attacker or cybercriminal. The computers in the botnet can be used to launch coordinated attacks such as account takeover, distributed denial-of-service (DDoS) attacks, and phishing campaigns, and to steal sensitive information. Botnets can be used for a variety of other malicious activities as well.
Botnets enable cybercriminals to automate their credential stuffing campaigns. By directing a botnet to continuously ping login or account pages with credentials purchased from the dark web, attackers can make hundreds of thousands of scam attempts per hour with very little effort.
The Akamai Guardicore CTI service offers unique information on malicious internet assets — IP addresses and domains — detected by Akamai. Threat information is based on three main resources: our global sensors network, Akamai Guardicore reputation services, and the insights of the Akamai Security Intelligence Group.
Detect more threats faster and respond with great intelligence
If you have questions or comments about this threat data or want to learn more, contact our security experts.