The Akamai Blog

Public Research Docs: The List So Far

Akamai InfoSec has slowly been making its security advisories public. What follows is a list of what has been released so far. 

These can be found in the security research section of the Akamai Security microsite.

Attack Mitigation Case Studies

Slideshow of case studies on attack mitigation for the financial services industry. (Download from the research page linked to above)

NTP Reflection Attacks

Akamai is actively tracking industry reports regarding DDoS activity utilizing NTP amplification attacks. US-CERT has recently released advisories on NTP amplification attacks and other UDP protocols.

Web Application Vulnerability Scanner: Skipfish

We have seen this scanner being used to attack financial sites -- looking for Remote File Includes (RFI) with the specific string www.google.com/humans.txt in the requested URL.

Account Checkers and Fraud

Akamai has observed attempted account takeover behavior for a customer resulting from reuse of credentials obtained from other sites. Attackers are using automated tools ("account checkers") to quickly determine valid userid/password combinations across a large number of ecommerce sites. Attackers using these tools can identify valid accounts rapidly, gain access and acquire names, addresses and credit card data from user profiles, as well as fraudulently acquire merchandise.

Recent Financial Services DDoS Attacks: Ababil Phase II

From Dec. 10, 2012 through the week of Jan. 11, 2013, several financial institutions were targeted by large DDoS attacks. This is the second phase of the Operation Ababil campaign waged by the hacktivist group known as Izz ad-Din al-Qassam Cyber Fighters (QCF for short). Akamai has been actively defending customers against this attack campaign. The BroBot botnet is being leveraged by QCF to launch these attacks.