F5 Labs Publishes the 2022 Application Protection Report
F5 Labs is elated to announce that we’ve published the 2022 Application Protection Report, our annual attempt to document the ongoing evolution of the threat landscape and provide mitigation guidance for security practitioners. As always, the report is long and detailed, and pulls from multiple different sources to try to get as close as possible to the messy truths of information security. It includes an analysis of about 1,000 publicly disclosed breaches from 2021 using three different data models, a snapshot of cloud risk from several different angles, and the (slightly modified) MITRE ATT&CK analysis and visualizations that we first used in the 2021 Application Protection Report. If you’ve got the time and the inclination, we think the full report’s worth the time, but if you just want the conclusions, here’s a precis: Malware grew in prevalence, playing a role in more than 30% of known U.S. data breach in 2021. While ransomware attacks continued to increase, many malware breaches exfiltrated data without encryption and a ransom, demonstrating the enduring demand for stolen data for use in later fraud. Exfiltration was the ATT&CK tactic that grew the most, featuring in nearly 80% of application attacks in 2021. Web exploits declined in prevalence, but became more focused on formjacking attacks (such as Magecart) against retail targets. Access attacks, such as phishing and credential stuffing, remained the single most common breach cause, and 24% of 2021 breaches were characterized by business email compromise. According to our analysis, the single most important mitigation is data backup, reflecting the threat of ransomware, but since modern ransomware strategies often compromise backups, a more holistic approach, including environment-wide hardening, is necessary. We hope it helps security practitioners stay one step ahead of attackers. Feedback is welcome at f5labs@f5.com.
F5 Labs 2019 TLS Telemetry Report Summary
Encryption standards are constantly evolving, so it is important to stay up to date with best practices. The 2019 F5 Labs TLS Telemetry Summary Report by David Warburton with additional contributions from Remi Cohen and Debbie Walkowski expands the scope of our research to bring you deeper insights into how encryption on the web is constantly evolving. We look into which ciphers and SSL/TLS versions are being used to secure the Internet’s top websites and, for the first time, examine the use of digital certificates on the web and look at supporting protocols (such as DNS) and application layer headers. On average, almost 86% of all page loads over the web are now encrypted with HTTPS. This is a win for consumer privacy and security, but it’s also posing a problem for those scanning web traffic. In our research we found that 71% of phishing sites in July 2019 were using secure HTTPS connections with valid digital certificates. This means we have to stop training users to “look for the HTTPS at the start of the address” since attackers are using deceptive URLs to emulate secure connections for their phishing and malware sites. Read our report for details and recommendations on how to bolster your HTTPS connections.Credential Stuffing Tools and Techniques
Credential stuffing is a type of cyberattack that uses credentials obtained from previous breaches to take over accounts on other web or mobile applications. This type of brute force attack relies on the fact that many people use the same usernames and passwords on multiple sites. Peter Silva starts the clock for #CredentialStuffing Tools and Techniques including #OpenBullet in this 90 Seconds of Security episode.What is Mutual TLS (mTLS)?
Mutual Transport Layer Security (#mTLS) establishes an encrypted TLS connection in which both parties use X.509 digital certificates to authenticate and verify each other. MTLS can help mitigate the risk of moving services to the cloud, and prevent malicious third parties from imitating genuine apps. So, let’s start the clock for What is mTLS? Read What is mTLS? on F5 Labs. Not only does F5 Labs provide freely available Threat Intelligence, they also have an Educational series covering many types of attacks, threats, and essential security concepts. If you are getting started in cyber security or there’s always been that one topic you’ve never quite understood, #F5Labs will help you learn the basics.
