This chart lists the top ten attacking IP addresses observed by GuardiCore sensors around the world.
The attackers coming from these IPs use penetration techniques such as brute-force password guessing and exploitation of known and unknown (zero-day) vulnerabilities. Once a machine has been compromised, these attackers execute a wide range of attack tools to establish control over the victim machine and attempt to propagate further across the network.
This table lists the top malicious domains attackers currently use. Attackers use domains rather than hard coding IP addresses to allow them to constantly shift infrastructure. These domains usually serve as file servers to download post-breach tools, C&C servers to control the different attack tools, and logging servers to send data from the victim machines.
This table lists the top IPs attackers connect to after breaching a server. These machines usually serve as file servers to download post-breach tools (e.g. Remote Administration Tools (RATs), network and vulnerability scanners, exploit tools and cryptocurrency tools), C&C servers to control the different attack tools, and logging servers to receive data sent from the victim machines.
This chart lists the most active scanners. Scanners are machines that access one or more services across one or more subnets monitored by GuardiCore sensors without performing attacks. The attackers run scanners to locate vulnerable services that can fit their exploitation methods (e.g. bad configuration, out-of-date software).
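The chart definitions above (top attacking IPs, and scanners as sources that touch several services or subnets without performing attacks) can be applied to raw sensor events. The following is an added example, not Guardicore code: it assumes a constructed event schema of (source IP, sensor IP, service, event type) and treats "brute_force" and "exploit" events as attacks.

```python
from collections import Counter, defaultdict
import ipaddress

# Constructed sample sensor events (not real Guardicore data).
# Schema assumed for this example: (source_ip, sensor_ip, service, event_type)
EVENTS = [
    ("203.0.113.5", "10.0.1.10", "ssh", "connect"),
    ("203.0.113.5", "10.0.1.10", "ssh", "brute_force"),
    ("203.0.113.5", "10.0.2.20", "smb", "exploit"),
    ("198.51.100.9", "10.0.1.10", "ssh", "connect"),
    ("198.51.100.9", "10.0.1.11", "http", "connect"),
    ("198.51.100.9", "10.0.2.20", "rdp", "connect"),
    ("192.0.2.77", "10.0.1.10", "ssh", "connect"),
    ("192.0.2.77", "10.0.1.10", "ssh", "brute_force"),
]

# Event types this example counts as attacks (assumption, not a Guardicore taxonomy).
ATTACK_EVENTS = {"brute_force", "exploit"}


def classify(events):
    """Label each source IP as 'attacker', 'scanner' or 'other'.

    attacker: produced at least one attack event.
    scanner:  touched more than one service or more than one /24 subnet
              of sensors, with no attack events (the page's definition).
    """
    services = defaultdict(set)
    subnets = defaultdict(set)
    attacks = Counter()
    for src, dst, svc, kind in events:
        services[src].add(svc)
        subnets[src].add(ipaddress.ip_network(f"{dst}/24", strict=False))
        if kind in ATTACK_EVENTS:
            attacks[src] += 1
    result = {}
    for src in services:
        if attacks[src]:
            result[src] = "attacker"
        elif len(services[src]) > 1 or len(subnets[src]) > 1:
            result[src] = "scanner"
        else:
            result[src] = "other"
    return result


def top_attackers(events, n=10):
    """Rank source IPs by number of attack events, like the top-ten chart."""
    attacks = Counter(src for src, _, _, kind in events if kind in ATTACK_EVENTS)
    return attacks.most_common(n)
```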
This chart shows the percentage of human-operated attacks within the overall attacks. Attacks operated by humans (as opposed to automated attack scripts) may suggest an insider threat or a more skillful external actor. These attackers don’t usually aim for crypto mining, traffic monetization or DDoS botnet creation. Instead, once access has been gained, they try to move laterally across the organization to steal confidential information, shut down activity for long periods of time, and so on.
The Akamai Guardicore CTI service offers unique information on malicious internet assets — IP addresses and domains — detected by Akamai. Threat information is based on three main resources: our global sensors network, Akamai Guardicore reputation services, and the insights of the Akamai Security Intelligence Group.
A network of deception servers installed in multiple data centers around the world, streaming early threat information to Guardicore Labs for attack identification and analysis.
A cloud-based service that identifies indicators of compromise (IoCs) based on the presence of suspicious domain names, IP addresses, and file hashes associated with known malicious activity.
Guardicore’s global research team is comprised of leading cyber security experts whose mission is to provide analysis, insights and response methodologies to the latest cyber threats.
Detect more threats faster and respond with great intelligence
If you have questions or comments about this threat data or want to learn more, contact our security experts.