Akamai recently released the Prolexic Q1 2014 Global DDoS Attack Report. What follows are some of the key points, including a 114-percent increase in the average peak bandwidth of attacks.
April 2014 Archives
It has been a very busy first quarter for the media team here at Akamai, where the technical folks have been elevating the quality of online video to all-new heights. In January at CES, we demonstrated 4K/Ultra HD streaming video with help from Qualcomm and Elemental. Last week at the NAB Show in Las Vegas, we showed what we believe was the world's first CDN-delivered 4K/Ultra HD 60 frames per second linear stream using Elemental's HEVC compression and MPEG-DASH packaging, highlighting the performance capabilities of our network and our new native DASH ingest feature.
The Akamai Prolexic Security Engineering & Response Team (PLXsert) has discovered a new tool attackers could use to target Microsoft Windows. The PLXsert advisory describes it this way:
The Storm kit is capable of infecting Windows XP (and higher) machines for malicious uses, including execution of DDoS attacks. Once a PC is infected, the Storm Network Stress Tester crimeware kit establishes remote administration (RAT) capabilities on the infected machine, enabling file uploads and downloads and the launching of executables, including four DDoS attack vectors.
A single PC infected by the new Storm crimeware kit can generate up to 12 Mbps of DDoS attack traffic with a single attack. As a result, orchestrated botnet attacks pose a significant DDoS threat. In addition, the RAT capability enables a variety of malicious activity, including the infection of other devices.
The RAT capabilities provide criminals with an all-purpose crimeware platform that can be used for a variety of malicious activity, including the infection of other devices, the advisory says.
"Remote administration lets malicious actors take over a PC from a distance, even from another continent," said Stuart Scholly, senior vice president and general manager of Security at Akamai Technologies. "In the last year, we've seen a growing volume of cyber-attacks coming from Asia. The Storm kit seems to have been custom-designed to infect and control vulnerable Windows XP machines in China."
One PC infected by the kit can generate up to 12 Mbps of DDoS attack traffic with a single attack. The kit comes pre-programmed to launch four types of DDoS attacks at once, increasing the potential attack volume.
A free download of the full advisory is available here.
Akamai PLXsert monitors malicious cyber threats globally and analyzes DDoS attacks using proprietary techniques and equipment. Through digital forensics and post‐attack analysis, PLXsert is able to build a global view of DDoS attacks, which is shared with customers and the security community.
By identifying the sources and associated attributes of individual attacks, the PLXsert team helps organizations adopt best practices and make more informed, proactive decisions about DDoS threats.
Cisco and Akamai Announce Solution to Enable Digital Experiences and Relieve Network Congestion
Today marks another important milestone in Akamai's relationship with Cisco. Together we are enabling IT to respond to the business challenges to support the huge traffic increases brought on by the digital era. Specifically, the IT challenge of supporting business leaders who are innovating at the branch office. Consider a retailer engaging customers with mobile assisted selling apps, digital displays and customer wi-fi. Think about a banker building out virtual branches to promote new financial services. Contemplate educators delivering a rich media curriculum to thousands of students. Reflect on business leaders adopting myriad digital experiences to improve productivity and drive revenues. In all these situations, organizations across the board are adopting new applications and services that require significantly more bandwidth than has been required in these "branch" locations. As important, these applications are no longer being hosted solely within the corporate data center. They are delivered from private or public cloud infrastructures, or directly from the Internet as a SaaS application.
A new variant of DNS amplification attack relies on home gateways with open DNS proxies to forward DNS queries to ISP resolvers. To launch this exploit, an attacker can deploy their exploit code anywhere on the Internet that allows address spoofing, for example on a compromised server in a hosting facility. From there, DNS queries can be targeted at any network with open home gateways. These queries enter ISP networks at border routers.
Great panel session at the Argyle Executive Forum last week around Next Generation of Customer Care. My peers continue to see technology and the Internet as tools to enable and strengthen the customer experience across all industries, yet they still see relationships at the heart of customer intimacy. Folks from all disciplines are looking for ways to create the ultimate experience through their Customer Care centers. Web experience continues to be a strong component of the brand and paramount to building customer loyalty.
- Akamai, like all users of OpenSSL, was vulnerable to Heartbleed.
- Akamai disabled TLS heartbeat functionality before the Heartbleed vulnerability was publicly disclosed.
- In addition, Akamai went on to evaluate whether Akamai's unique secure memory arena may have provided SSL key protection during the vulnerability window when we had been vulnerable; it would not have.
- Akamai is reissuing customer SSL certificates, due to the original Heartbleed vulnerability.
It was only six months ago that Akamai opened its core technology, revealing the Open Platform Initiative strategy. The main idea was to enable everyone (every developer, every customer and every partner) to access Akamai technology and benefit from its amazing power. You may arguably say that this was a small step on a long path. But let's look back and see how far we have walked, using the evolution of technology as our context.
As technology has evolved, there were milestones that changed the way we use it in our lives, milestones that changed and improved things forever. More importantly, technology plays a key role in the way we all behave, communicate, learn, share and spend our leisure time. Technology is now part of our lives, as it was never before.
- A program manager for InfoSec;
- A senior manager for Enterprise Security;
- A security architect for Adversarial Resilience; and
- A principal application software engineer for the Security Products Group.
Update 2014-04-11: Updated information on our later analysis here.
We're getting a lot of questions about the OpenSSL Heartbleed fix. What follows are the most commonly asked questions, with our answers.
The Heartbleed bug affects the heartbeat functionality within the TLS/DTLS portion of the library. It allows the attacker to -- silently and without raising alarms -- dump portions of the server's memory to the client. This can allow the attacker to walk through the memory space of the server, possibly dumping private SSL keys and certainly exposing important secrets.
All versions of the OpenSSL library between 1.0.1 and 1.0.1f contain the Heartbleed bug and should be updated to 1.0.1g as soon as possible. (The vulnerability researchers have posted their analysis, and an excellent analysis is up on Sean Cassidy's blog.)
A fix is now available for a serious OpenSSL flaw known as Heartbleed. The vulnerability, covered in CVE-2014-0160, affects OpenSSL 1.0.1 through 1.0.1f with two exceptions: OpenSSL 1.0.0 branch and 0.9.8.
Learn more about becoming an Akamai Partner: http://www.akamai.com/html/partners/index.html
As part of the competition, each team -- along with a new "CIO" -- was hired to take over IT operations for the fictional company EnV research Inc. The competition packet described the following scenario: "At the request of major stake holders, including the Department of Energy, the previous IT team was let go after confidential and proprietary EnV research documents surfaced online. As the new IT department, you will be tasked with securing the EnV network, while maintaining business operations."
NECCDC is the regional qualifier for the national Collegiate Cyber-Defense Competition (CCDC). The northeast region represents institutions in the states of New York, Maine, New Hampshire, Vermont, Massachusetts, Rhode Island, and Connecticut.
The NECCDC selected one winner and one alternate to represent the region in this year's CCDC in San Antonio, Texas, April 19-21.