Rapid7 Quarterly Threat Report: 2019 Q1

Winter is over and spring is in full bloom, which means it’s time again for our newest Quarterly Threat Report. In this quarter, we look at the set of industries most commonly targeted, the continued use of remote entry, and the most common phishing sites seen by industry. Also, for the first time, we look at the MITRE ATT&CK framework and how it maps to our managed detection and response (MDR) incidents this quarter.


Remote entry for the win


One threat that just doesn’t seem to want to go away is remote entry. Organizations of all sizes need to watch out for this type of threat. These threats can come from different countries, from third-party sources that have access to your internal network, or from any attempt by an unknown external source.


All you need is credentials


This quarter, we look at the part credentials play in the threat landscape from a few perspectives. We also look at some of the most common fake login pages that phishing attackers use to obtain credentials, and at the different ports and services that attackers sweep the internet for so they can try common usernames and passwords against them. We break these common usernames and passwords down by the ones most often used within some of the most popular protocols.



Dive deep into the MITRE ATT&CK framework


New for this quarter is a mapping of the MITRE ATT&CK framework with our general and custom IDR detections, enabling us t ..