Akamai Diversity

The Akamai Blog

Attack Techniques and Defenses: An Anthology

Akamai's security team defends customers from a variety of threats 24 hours a day, seven days a week. You name it: DDoS attacks, DNS-related attacks, vulnerability exploitation -- we've seen it all.

What follows is a collection of posts focusing on attack techniques and the defenses we have deployed and/or suggested.

Indonesian Attack Traffic Tops List; Port 445 No Longer Main Target

Indonesia replaces China as the top producer of attack traffic.

Dissecting Operation Ababil at Akamai Edge

Operation Ababil has been a thorn in the side of financial institutions this past year, costing victims both business and sleep. At Akamai Edge, we talked a lot about the attacks -- particularly the lessons we've learned and the fresh security measures companies have put in place.

Manipulating PHP Superglobal Variables

How attackers are able to use vulnerabilities in PHP applications to exploit superglobals -- pre-defined variables in PHP -- to launch malicious code.

Bots, Crawlers Not Created Equally

How to squeeze the maximum usefulness out of bots and other Web crawlers.

Was This Really One of the Internet's Biggest Attacks?

story in eWeek about "one of the largest attacks in the history of the Internet" describes a 9-hour barrage against an unnamed entity that swelled to 100 Gigabits of traffic at its peak. But does it really qualify as one of the biggest in Internet history?

Defending Against Watering-Hole Attacks

A look at "watering-hole" attacks and what Akamai's CSIRT team has learned in tracking them.

SEA Attacks Illustrate Need for Better DNS Security

The Syrian Electronic Army (SEA) -- a pro-Assad hacking group -- is making misery for some of the biggest entities on the Internet.

Mapping Networks and Data: Safety in Numbers

This post focuses on another way we keep Internet traffic flowing smoothly in the face of attempted attacks: network and data mapping.

DDoS Attacks Used As Cover For Other Crimes

Protecting customers from DDoS attacks is an Akamai InfoSec specialty. When we see DDoS attempts against our customers, the typical thinking is that someone is doing it to force sites into downtime, which can cost a business millions in lost online sales. But sometimes, these attacks are simply a cover operation to distract the victim while something else is going on. 

Blunting Attacks During Olympic-sized Events

InfoSec receives many questions from Akamai customers on a daily basis. A few months ago, someone asked if we had a case study on attack vectors against the 2012 London Olympics. The customer has a big event coming up, and wanted a picture of what they're up against -- and how they can defend against it all to keep their sites running smoothly. As it turned out, we did.

As is true of every year at Black Hat there are some talks that catch our attention. Talks range from the well thought out research papers to those of the narcissistic vulnerability pimps. This year was no exception. A talk entitled "Denying Service to DDoS Protection Services" by Allison Nixon is a presentation which fell into the well thought out column. This talk caught our attention for the obvious reason that we provide this as a service to our customers.

Thumbnail image for cyber-attack.jpg