GuardiCore Cyber Threat Intelligence
Get the intel you need to predict attacks and mitigate risks
Real-Time Threat Intelligence is Critical
Many of today’s cyber attacks come from IP addresses already known by the security community. GuardiCore’s Cyber Threat Intelligence (CTI) is a live repository of these threats and is based on three main resources: GuardiCore Global Sensors Network (GGSN), GuardiCore Reputation Services, and the insights of the GuardiCore Labs team.
As a service to the security community, GuardiCore Labs provides a weekly feed about the week’s top threats.
Use the arrows to navigate through the weeks and see how each of the graphs changes from week to week.
This chart lists the top ten attacking IP addresses observed by GuardiCore sensors around the world.
The attackers coming from these IPs use penetration techniques such as brute force password guessing and exploiting known and unknown (zero day) vulnerabilities. Once the machine has been compromised, these attackers execute a wide range of attack tools to establish their control over the victim machine and attempt to further propagate across the network.
These tables list the top malicious domains and IPs that attackers use. Malicious domains and IPs usually serve as file servers from which post-breach tools are downloaded (e.g. Remote Administration Tools (RATs), network and vulnerability scanners, exploit and cryptocurrency-mining tools), as C&C servers that control the different attack tools, and as logging servers that receive data sent from the victim machines.
This chart lists the most active scanners. Scanners are machines that access one or more services across one or more subnets monitored by GuardiCore sensors without performing attacks. The attackers run scanners to locate vulnerable services that can fit their exploitation methods (e.g. bad configuration, out-of-date software).
This chart shows the percentage of human-operated attacks within the overall attacks. Attacks operated by humans (as opposed to automated attack scripts) may suggest an insider threat or a more skillful external actor. These attackers don’t usually aim for crypto mining, traffic monetization or DDoS botnet creation. Instead, once access has been gained, they try to move laterally across the organization to steal confidential information, shut down activity for long periods of time, and so on.
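The distinction the charts above rely on (an attacking IP performs brute force or exploitation against a sensor, while a scanner only touches services across subnets without attacking) can be reproduced as a simple aggregation over sensor events. The following is an added illustration, not GuardiCore code and not the logic behind the GGSN charts: the event schema, the set of attack actions, and the sample events (which use RFC 5737 documentation addresses) are all constructed assumptions.

```python
"""Toy sensor-event classifier: top attacking IPs vs. top scanners.

Added example, not GuardiCore's implementation. The event format, the
ATTACK_ACTIONS set and the EVENTS sample are constructed for illustration.
"""
from collections import Counter, defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class SensorEvent:
    src_ip: str          # source address seen by a deception sensor
    sensor_subnet: str   # subnet the sensor sits in (constructed label)
    service: str         # service the source touched, e.g. "ssh"
    action: str          # "connect" (probe only) or an attack action


# Actions that count as an attack rather than a plain probe (assumption).
ATTACK_ACTIONS = {"bruteforce", "exploit", "tool_download"}

# Constructed sample events; addresses come from TEST-NET ranges.
EVENTS = [
    SensorEvent("203.0.113.5", "subnet-A", "ssh", "bruteforce"),
    SensorEvent("203.0.113.5", "subnet-A", "ssh", "bruteforce"),
    SensorEvent("203.0.113.5", "subnet-A", "ssh", "bruteforce"),
    SensorEvent("203.0.113.5", "subnet-B", "http", "exploit"),
    SensorEvent("198.51.100.7", "subnet-A", "ssh", "connect"),
    SensorEvent("198.51.100.7", "subnet-B", "ssh", "connect"),
    SensorEvent("198.51.100.7", "subnet-C", "ssh", "connect"),
    SensorEvent("198.51.100.7", "subnet-A", "http", "connect"),
    SensorEvent("198.51.100.7", "subnet-A", "http", "connect"),  # repeat probe
    SensorEvent("192.0.2.9", "subnet-A", "http", "connect"),
    SensorEvent("192.0.2.9", "subnet-A", "http", "tool_download"),
    SensorEvent("198.51.100.8", "subnet-A", "ssh", "connect"),
]


def _aggregate(events):
    """Return per-IP attack counts and the set of (subnet, service) pairs touched."""
    attack_counts = Counter()
    reach = defaultdict(set)
    for ev in events:
        reach[ev.src_ip].add((ev.sensor_subnet, ev.service))
        if ev.action in ATTACK_ACTIONS:
            attack_counts[ev.src_ip] += 1
    return attack_counts, reach


def top_attackers(events, n=10):
    """IPs that performed at least one attack action, ranked by attack count.

    Ties are broken by IP string so the output is deterministic.
    """
    attack_counts, _ = _aggregate(events)
    ranked = sorted(attack_counts.items(), key=lambda kv: (-kv[1], kv[0]))
    return ranked[:n]


def top_scanners(events, n=10):
    """IPs that only probed (no attack action), ranked by how many distinct
    (subnet, service) pairs they reached across the sensor network."""
    attack_counts, reach = _aggregate(events)
    scanners = {ip: len(pairs) for ip, pairs in reach.items() if not attack_counts[ip]}
    ranked = sorted(scanners.items(), key=lambda kv: (-kv[1], kv[0]))
    return ranked[:n]


if __name__ == "__main__":
    print("Top attacking IPs:", top_attackers(EVENTS))
    print("Top scanners:", top_scanners(EVENTS))
```

The key design choice is that a single attack action moves a source out of the scanner bucket entirely: an IP that probes three subnets and then drops a tool is an attacker, not a scanner, matching the definition of scanners as machines that access services without performing attacks.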
GuardiCore Global Sensors Network (GGSN)
A network of deception servers installed in multiple data centers around the world, streaming early threat information to GuardiCore Labs for attack identification and analysis.
GuardiCore Reputation Services
A cloud-based service that identifies indicators of compromise (IoCs) based on the presence of suspicious domain names, IP addresses, and file hashes associated with known malicious activity.
GuardiCore Labs
GuardiCore’s global research team is comprised of leading cyber security experts whose mission is to provide analysis, insights and response methodologies for the latest cyber threats.