F5 Labs is excited to announce the first in a new series of articles named the Sensor Intel Series. This series is focused on attacker targeting and attack techniques based on data from our partners Effluxio, who maintain a globally distributed network of sensors that log reconnaissance and attack activity. We’ve got many big schemes for this series going forward, but to kick things off we are focused on monthly reporting about vulnerability targeting. While the same handful of CVEs have constituted the bulk of identifiable traffic, their relative proportions and traffic rankings have shifted many times over the last six months, as you can see:
Of these six high-frequency CVEs at the top, five are remote code execution (RCE) vulnerabilities, two are IoT vulnerabilities, and one is an administrator password disclosure. The inaugural article also contains short writeups of each of the 29 identified vulnerabilities, including how attackers in our logs were attempting to exploit them.
We dropped six months’ worth of data for this first one, but going forward we will update this plot monthly and write up any vulnerabilities that show up in the logs. Look out for our July update in just a few weeks.