GuardiCore Cyber Threat Intelligence

Get the intel you need to predict attacks and mitigate risks

Real-Time Threat Intelligence is Critical

Many of today’s cyber attacks come from IP addresses already known by the security community. GuardiCore’s Cyber Threat Intelligence (CTI) is a live repository of these threats and is based on three main resources: GuardiCore Global Sensors Network (GGSN), GuardiCore Reputation Services, and the insights of the GuardiCore Labs team.

Weekly Updates

As a service to the security community, GuardiCore Labs provides a weekly feed about the week’s top threats.

Top Attackers

This chart lists the top ten attacking IP addresses observed by GuardiCore sensors around the world.

The attackers coming from these IPs use penetration techniques such as brute-force password guessing and exploiting known and unknown (zero-day) vulnerabilities. Once the machine has been compromised, these attackers execute a wide range of attack tools to establish their control over the victim machine and attempt to further propagate across the network.

Malicious Domain Names and IP Addresses*

These tables list the top malicious domains and IPs attackers use. Malicious domains and IPs usually serve as file servers to download post-breach tools (e.g. Remote Administration Tools (RAT), network and vulnerability scanners, exploit and cryptocurrency tools), C&C servers to control the different attack tools, and logging servers to send data from the victim machines.

* There is no correlation between the malicious domains and the malicious IPs in these two tables.

Top Scanners

This chart lists the most active scanners. Scanners are machines that access one or more services across one or more subnets monitored by GuardiCore sensors without performing attacks. Attackers run scanners to locate vulnerable services that fit their exploitation methods (e.g. bad configuration, out-of-date software).

Top Attacked Services by Port

This chart presents the services that are most often attacked over the internet. This helps detect new malware outbreaks in their early stages (e.g. WannaCry) by identifying a dramatic surge in the number of attacks targeting a specific service.

Script vs. Human

This chart shows the percentage of human attacks within the overall attacks. Attacks operated by humans (as opposed to automated attack scripts) may suggest an insider threat or a more skillful external actor. These attackers don’t usually aim for crypto mining, traffic monetization or DDoS botnet creation. Instead, once access has been gained, they try to move laterally across the organization to steal confidential information, shut down activity for long periods of time, etc.

Our Resources

GuardiCore Global Sensor Network (GGSN)

A network of deception servers installed in multiple data centers around the world, streaming early threat information to GuardiCore Labs for attack identification and analysis.

GuardiCore Reputation Analysis (GRA)

A cloud-based service that identifies indicators of compromise (IoCs) based on the presence of suspicious domain names, IP addresses, and file hashes associated with known malicious activity.

GuardiCore Labs

GuardiCore’s global research team is comprised of leading cyber security experts whose mission is to provide analysis, insights and response methodologies to the latest cyber threats.

Want More?

If you have questions or comments about this threat data or want to learn more, contact our security experts.

Or email us at: labs@guardicore.com

10k+ Sensors

550k+ Scanners

13 IOC types

10k+ Attackers