Threat Advisory: Suspicious Scanning Activity
November 7, 2018
Details
Herjavec Group has detected significant malicious scanning attempts across multiple client environments, including entertainment, finance and legal organizations. These scans, mostly targeting web applications and other external-facing devices, do not appear to be targeted in nature; rather, they appear to be part of a general, large-scale attempt to discover vulnerabilities within networks. Herjavec Group has observed several IPs scanning new clients daily, with the scanning increasing in intensity. The types of scans observed from the IP addresses below include (but are not limited to): Adobe ColdFusion, Apache Struts, XSS, directory traversal, and various remote code execution vulnerabilities. Exploitation of vulnerabilities identified by these scans could allow attackers to gain remote access to and take control of your environment. No known compromises have been observed or communicated to date.
Technical Indicators
IP Addresses
206.189.201.149 - Registered in the US
185.232.64.0/24 - Registered in Romania
167.114.41.148 - Registered in Ottawa, Leased in Taiwan
18.217.172.191 - Registered in the US
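
One way to check web server access logs against the indicators listed above, shown as an added example that is not part of the original advisory or Herjavec Group's tooling. It assumes a log format with the client IP as the first whitespace-separated field; the sample log lines and the function names are constructed for illustration.

```python
import ipaddress
from collections import Counter

# Indicators copied from this advisory; single hosts become /32 networks.
INDICATORS = [ipaddress.ip_network(n) for n in (
    "206.189.201.149", "185.232.64.0/24", "167.114.41.148", "18.217.172.191",
)]

# Constructed sample lines (assumption: client IP is the first field).
SAMPLE_LOG = """\
206.189.201.149 - - [07/Nov/2018:10:01:12 +0000] "GET /index.action HTTP/1.1" 404 162
192.0.2.10 - - [07/Nov/2018:10:01:15 +0000] "GET / HTTP/1.1" 200 5120
185.232.64.77 - - [07/Nov/2018:10:02:03 +0000] "GET /admin/ HTTP/1.1" 403 199
185.232.65.77 - - [07/Nov/2018:10:02:04 +0000] "GET / HTTP/1.1" 200 5120
not-an-ip - - [07/Nov/2018:10:02:09 +0000] "GET / HTTP/1.1" 400 0
185.232.64.77 - - [07/Nov/2018:10:02:10 +0000] "POST /login HTTP/1.1" 404 162
"""


def match_indicator(field):
    """Return the indicator network containing this client-IP field, or None."""
    try:
        addr = ipaddress.ip_address(field)
    except ValueError:
        return None  # hostname, "-", empty or malformed field
    # Dual-stack listeners may log IPv4 clients as ::ffff:a.b.c.d.
    if addr.version == 6 and addr.ipv4_mapped:
        addr = addr.ipv4_mapped
    for net in INDICATORS:
        if addr.version == net.version and addr in net:
            return net
    return None


def scan(lines):
    """Count requests per (source IP, matched indicator)."""
    hits = Counter()
    for line in lines:
        src = line.split(maxsplit=1)[0] if line.strip() else ""
        net = match_indicator(src)
        if net is not None:
            hits[(src, str(net))] += 1
    return hits


if __name__ == "__main__":
    for (src, net), count in sorted(scan(SAMPLE_LOG.splitlines()).items()):
        print(f"{src}\tmatched {net}\t{count} request(s)")
```

Matching on parsed networks rather than string prefixes keeps 185.232.65.77 out of the /24 result and still catches IPv4-mapped IPv6 forms of the listed addresses.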