Android fans were probably chuckling over the XcodeGhost malware news - hackers don't often penetrate Apple's defenses. This provoked the Nominum, now part of Akamai, Data Science team to take a look at what's happening with malware targeting Android. Common wisdom is Android is exposed because there's less rigor in the development and supply chain, and third-party app stores with no protections are popular. Determined hackers can allegedly subvert defenses and get various kinds of exploits placed on mobile devices running the highly popular operating system. But what does the data show?
September 2015 Archives
While this year's Super Bowl XLIX pitted two powerhouse teams from Seattle and Boston squarely against one another, behind the scenes two other notable Seattle and Boston organizations worked closely to help ensure viewers could enjoy the game live online. The Super Bowl is just one of many of the major online events upon which Microsoft and Akamai have collaborated, with others including the Sochi Winter Olympics and Brazil World Cup.
By Bill Brenner, Akamai SIRT Senior Tech Writer
Akamai's Security Intelligence Response Team (SIRT) is tracking XOR DDoS, a Trojan malware attackers are using to hijack Linux machines to include within a botnet for distributed denial of service (DDoS) campaigns. To date, the bandwidth of DDoS attacks coming from the XOR DDoS botnet has ranged from a few gigabits per second (Gbps) to 150+ Gbps. The gaming sector is the primary target, followed by educational institutions. Akamai SIRT released a threat advisory this morning authored by Security Response Engineer Tsvetelin "Vincent" Choranov.
For app developers who use or are looking to use Akamai application acceleration services, we've provided the following information to help you understand how our services comply with Apple iOS 9 App Transport Security (ATS) requirements.
In this episode, Bill Brenner, Martin McKeay and Dave Lewis discuss DEF CON 2015 in terms of content and substance. One of the hot-button topics discussed at DEF CON and other security events is the hacking of IOT devices, including smart cars, and the group analyzes the research necessary into possible vulnerabilities. The trio also discusses changes for the State of the Internet Security Report, beginning in Q3 2015, including reorganization of case studies and the inclusion of new data and new voices to represent different aspects of security.
The DNS offers visibility into many kinds of Internet trends, including various security threats. We've reported extensively on DNS DDoS, and Nominum, now part of Akamai, Data Science also tracks botnet activity. In this case, queries for Command and Control (C&C) domains for the recently disclosed XcodeGhost malware were observed in September. Infected development tools were reported to have been used for the popular iOS app WeChat.
Over the last several years, many users have adopted mobile devices, including smartphones and tablets, as their primary means of accessing the Internet. A number of studies published over the past year illustrate this trend, especially among millennials. In addition, improvements to, and greater deployment of this technology by mobile network providers have led to mobile connection speeds that rival fixed broadband connections in some geographies. LTE-Advanced, which is being rolled out by carriers in countries around the world, provides for download speeds in the hundreds of Mbps range, with the latest Android and Apple devices including support for LTE-Advanced.
Written by Bill Brenner, senior tech writer in the Akamai SIRT
Akamai has officially launched a new Security Intelligence Response Team that combines the resources of Akamai's CSIRT and Prolexic's PLXsert teams, further integrating Prolexic and Akamai security research.
Akamai SIRT is a dedicated group of cyber threat researchers, analysts and incident responders that monitors malicious cyber threats globally and analyzes these attacks using proprietary techniques and equipment.
Through research, digital forensics, real time and post-event analysis, Akamai SIRT is able to build a global view of security threats, vulnerabilities, tactics, techniques and procedures (TTPs) as well as trends which are shared with customers and the security community. This further enables Akamai to protect customers from a wide variety of attacks ranging from abuse to scrapers to data breaches to hijacking to distributed denial of service. By identifying the sources and associated attributes of individual attacks, along with expert analysis to identify and mitigate security threats and vulnerabilities, Akamai SIRT helps organizations make more informed, proactive decisions.
As part of that mission, Akamai SIRT maintains close contact with peer organizations around the world, trains Akamai's security teams to recognize and counter attacks from a wide range of adversaries, acts as subject matter experts for customers under attack, and keeps customers and the security community informed by conducting briefings, issuing advisories, publishing threat intelligence, and producing Akamai's State of the Internet Security Report.
The Akamai SIRT protects customers and the broader public by applying security research, intelligence analysis, and Akamai's unique visibility into Internet threats.
Akamai SIRT publishes its research in the following places:
Akamai Technologies, Inc. is the global leader in Content Delivery Network (CDN) services, and has been since 1998 when it was incorporated by Dr. Tom Leighton and Danny Lewin. The company is a product of the annual MIT $50K Entrepreneurship Competition of 1997, during which Leighton and Lewin realized the potential in the Internet content delivery market and development efforts began in earnest in 1998. Their most notable, early achievements include March Madness, Star Wars trailers and Yahoo!. Named one of the 100 Best Places to Work by Computerworld, Akamai is the next company featured in the Purpose Driven Workplaces highlight. We spoke with Noelle Faris, a Principal of Investor Relations and President of the Akamai Foundation (the charitable arm of the organization) to discuss Akamai's corporate giving practices.
Description: The more you know about the security threat landscape and the mindset of malicious attackers, the stronger your cloud security strategy defense can be. In this session, members of Akamai's threat intelligence team will show how they use their expertise in security research and threat intelligence to stay one step ahead of cyber attackers. Learn about the threat landscape for 2015, emerging attack trends, techniques, toolkits and botnet activity.
Session Date/Time: Wednesday Oct 21, 2:40-3:20 p.m.
Akamai Security Intelligence Response Team (SIRT) researchers Larry Cashdollar and Chad Seaman have spent months researching vulnerabilities in plug-ins often used with Wordpress. The results of that research are outlined in the Q2 State of the Internet Report, and an excerpt on the section can be found in this Akamai Blog post. In the following post, Larry shares some tips for researching Wordpress plug-ins.
By Larry Cashdollar, Senior Security Intelligence Response Engineer
I've been looking at Wordpress plugin code and discovering new vulnerabilities. The vulnerabilities range from Cross Site Scripting, Remote File Inclusion to blind SQL Injection. I'll admit I've enjoyed this research more than my examination of Ruby Gems because with Wordpress you can easily test a proof-of-concept exploit by setting up a Wordpress installation and testing your code against it.
Each year since 1970, The Banker has published a list of the world's 1000 largest banks, providing a key source of data and analysis for the industry. As the strategist for financial services for Akamai, I look forward to seeing this new list each summer, watching how Akamai's banking customers move up or down, and tracking our market penetration. But beyond that, The Banker provides excellent commentary on the shifts in global banking, the forces behind those movements, and the overall health of the sector.
Below is a summary of major points made in The Banker's most recent publication, along with my own thoughts on China.
With the continued growth in online commerce, one of the best ways to anticipate and prepare for the coming holiday season is to look back on what happened in 2014. A recent report from NRF captured data from 2014 holiday activities in North America. At a high level, the report found that consumers are more confident in the economy - leading to a likely increase in spending.
"...Confidence is on the rise -- 49.7% are confident or very confident in the economy, up from 42.2% last year -- and average gas prices are the lowest they've been in six years." 2015 Retail Holiday Planning Playbook, July 2015, National Retail Federation and Prosper Insights & Analytics.
Peak traffic from flash sales or new product launches can be problematic for many retailers during the holidays. With holiday season sales representing 25-35 percent of revenue for many retailers, getting your site prepared for peak can significantly affect your holiday revenue. A website's ability to deliver a great customer experience during peak hinges on three key areas - infrastructure, application code and CDN configuration.
Though the holidays are still a few months away, now is the ideal time to run a peak threshold load test to determine how many users or how much traffic load you can have on your site before it becomes unresponsive. In a perfect world, everyone would have a staging environment that exactly mirrored their production environment to run this test on but that's not the case for many retailers. First things first for those running tests against your production environment -- make sure you coordinate with your IT teams, datacenter and CDN before and during testing to avoid any interruption to customer traffic. Without proper coordination, you could inadvertently cause a DDoS of your own website!
Stats. How geeky. And boring. I hardly remember anything from basic elementary math, let alone anything to do with statistical analysis at a college / university level. But it turns out that statistics can be incredibly useful in describing what's happening across a population, such as when you use Real User Monitoring (RUM) to get performance metrics (such as load times) across your user base.
Why is this important? Glad you asked. There is well-accepted evidence from some of the largest e-tailers, including Amazon and Wal-Mart, on the effect of a site's performance on conversions and sales revenues. Most of this data centers around median scores (in other words, the "average" performance of a page), where an increase (or decrease) in a page's median load times correlates to measurable changes in conversion rates. The reason we use median instead of mean is that median is much more resistant to outliers that may markedly affect the "average" number, and hence distort what we perceive as the typical experience when visiting a page.
- Time: 12:30 - 1:30 p.m.
- Topic: Cloud Risk: Hype Vs. Reality
- Description: We'll discuss security best practices in the cloud and hear what is and isn't working for different companies. The ultimate lesson: Cloud security is attainable.
- Moderator: Bill Brenner, Senior Tech Writer, Akamai Security Intelligence Response Team (SIRT)
- Panelists: Andy Daudelin, Vice President, Cloud and Cloud Networking, AT&T, Mike Davis, CTO, CounterTack and Bernie McGroder, Vice President, Sales Engineering, GTT Communications Inc.
I look forward to a great discussion!