series-devcentral-playlists
13 Topics

What is Mutual TLS (mTLS)?
Mutual Transport Layer Security (#mTLS) establishes an encrypted TLS connection in which both parties use X.509 digital certificates to authenticate and verify each other. mTLS can help mitigate the risk of moving services to the cloud, and prevent malicious third parties from imitating genuine apps. So, let’s start the clock for What is mTLS? Read What is mTLS? on F5 Labs. Not only does F5 Labs provide freely available threat intelligence, they also have an educational series covering many types of attacks, threats, and essential security concepts. If you are getting started in cyber security or there’s always been that one topic you’ve never quite understood, #F5Labs will help you learn the basics.

F5 Labs Publishes the 2022 Application Protection Report
F5 Labs is elated to announce that we’ve published the 2022 Application Protection Report, our annual attempt to document the ongoing evolution of the threat landscape and provide mitigation guidance for security practitioners. As always, the report is long and detailed, and pulls from multiple different sources to try to get as close as possible to the messy truths of information security. It includes an analysis of about 1,000 publicly disclosed breaches from 2021 using three different data models, a snapshot of cloud risk from several different angles, and the (slightly modified) MITRE ATT&CK analysis and visualizations that we first used in the 2021 Application Protection Report. If you’ve got the time and the inclination, we think the full report’s worth the time, but if you just want the conclusions, here’s a precis:

Malware grew in prevalence, playing a role in more than 30% of known U.S. data breaches in 2021. While ransomware attacks continued to increase, many malware breaches exfiltrated data without encryption and a ransom, demonstrating the enduring demand for stolen data for use in later fraud. Exfiltration was the ATT&CK tactic that grew the most, featuring in nearly 80% of application attacks in 2021. Web exploits declined in prevalence, but became more focused on formjacking attacks (such as Magecart) against retail targets. Access attacks, such as phishing and credential stuffing, remained the single most common breach cause, and 24% of 2021 breaches were characterized by business email compromise. According to our analysis, the single most important mitigation is data backup, reflecting the threat of ransomware, but since modern ransomware strategies often compromise backups, a more holistic approach, including environment-wide hardening, is necessary.

We hope it helps security practitioners stay one step ahead of attackers. Feedback is welcome at f5labs@f5.com.

F5 Labs 2019 TLS Telemetry Report Summary
Encryption standards are constantly evolving, so it is important to stay up to date with best practices. The 2019 F5 Labs TLS Telemetry Summary Report by David Warburton with additional contributions from Remi Cohen and Debbie Walkowski expands the scope of our research to bring you deeper insights into how encryption on the web is constantly evolving. We look into which ciphers and SSL/TLS versions are being used to secure the Internet’s top websites and, for the first time, examine the use of digital certificates on the web and look at supporting protocols (such as DNS) and application layer headers. On average, almost 86% of all page loads over the web are now encrypted with HTTPS. This is a win for consumer privacy and security, but it’s also posing a problem for those scanning web traffic. In our research we found that 71% of phishing sites in July 2019 were using secure HTTPS connections with valid digital certificates. This means we have to stop training users to “look for the HTTPS at the start of the address” since attackers are using deceptive URLs to emulate secure connections for their phishing and malware sites. Read our report for details and recommendations on how to bolster your HTTPS connections.

Credential Stuffing Tools and Techniques
Credential stuffing is a type of cyberattack that uses credentials obtained from previous breaches to take over accounts on other web or mobile applications. This type of brute force attack relies on the fact that many people use the same usernames and passwords on multiple sites. Peter Silva starts the clock for #CredentialStuffing Tools and Techniques including #OpenBullet in this 90 Seconds of Security episode.

The 2021 TLS Telemetry Report
Creating an encrypted HTTPS website depends on a lot more than simply throwing a digital certificate at it and hoping for the best. As old protocols prove to be insecure and new standards emerge, it has never been more important to keep HTTPS configurations up to date. Even though encryption can feel like a “solved problem,” the devil is still in the details. Today, the state of encryption on the Web is a case of taking two steps forward and one step back. So let’s start the clock to take a look at some of the highlights from F5 Labs 2021 TLS Telemetry Report.

2021 Application Protection Report - Of Ransom and Redemption
Now in its 4th year, the #F5Labs 2021 Application Protection Report is our effort to boil the application security risk landscape down to put the initiative back into the hands of defenders. We analyzed more than 700 data breaches from 2020. I start the clock for an extended edition of some of the highlights from F5 Labs 2021 #APR in this episode of 90 Seconds of Security. Get your copy of the F5 Labs 2021 Application Protection Report.