September 2015 Archives

<p>Android fans were probably chuckling over the XcodeGhost malware news - hackers don't often penetrate Apple's defenses. This provoked the Nominum, now part of Akamai, Data Science team to take a look at what's happening with malware targeting Android. Common wisdom is Android is exposed because there's less rigor in the development and supply chain, and third-party app stores with no protections are popular. Determined hackers can allegedly subvert defenses and get various kinds of exploits placed on mobile devices running the highly popular operating system. But what does the data show?</p>

We're counting down the days to Velocity New York (October 12-14) where Akamai will join web performance and DevOps experts from some of the most innovative companies in the world. Come by kiosk #22 to see the Akamai team and get a preview version of our upcoming High Performance Images O'Reilly book or see how we can help your site achieve peak performance.

The calendar may read September but for the retail industry, it's time to start preparing for holiday season, as traffic volumes to their websites and apps will start to increase. While increase in traffic volumes can certainly correlate to positive impact in sales, surges in activity can also result in downtime, if retailers are not ready for it.

While this year's Super Bowl XLIX pitted two powerhouse teams from Seattle and Boston squarely against one another, behind the scenes two other notable Seattle and Boston organizations worked closely to help ensure viewers could enjoy the game live online. The Super Bowl is just one of many of the major online events upon which 

Microsoft and Akamai have collaborated, with others including the Sochi Winter Olympics and Brazil World Cup.

By Bill Brenner, Akamai SIRT Senior Tech Writer

Akamai's Security Intelligence Response Team (SIRT) is tracking XOR DDoS, a Trojan malware attackers are using to hijack Linux machines to include within a botnet for distributed denial of service (DDoS) campaigns. To date, the bandwidth of DDoS attacks coming from the XOR DDoS botnet has ranged from a few gigabits per second (Gbps) to 150+ Gbps. The gaming sector is the primary target, followed by educational institutions. Akamai SIRT released a threat advisory this morning authored by Security Response Engineer Tsvetelin "Vincent" Choranov.

For app developers who use or are looking to use Akamai application acceleration services, we've provided the following information to help you understand how our services comply with Apple iOS 9 App Transport Security (ATS) requirements. 

Helpful Links:

• Apple release notes
• ATS requirement details
• Pre-iOS9 app behavior

In this episode, Bill Brenner, Martin McKeay and Dave Lewis discuss DEF CON 2015 in terms of content and substance. One of the hot-button topics discussed at DEF CON and other security events is the hacking of IOT devices, including smart cars, and the group analyzes the research necessary into possible vulnerabilities. The trio also discusses changes for the State of the Internet Security Report, beginning in Q3 2015, including reorganization of case studies and the inclusion of new data and new voices to represent different aspects of security.

• Play the Episode

The DNS offers visibility into many kinds of Internet trends including various security threats. We've reported extensively on DNS DDoS and Nominum, now part of Akamai, Data Science also tracks botnet activity. In this case queries for Command and Control (C&C) domains for the recently disclosed XcodeGhost malware were observed in September. Infected development tools were reported to have been used for the popular iOS app WeChat.

Over the last several years, many users have adopted mobile devices, including smartphones and tablets, as their primary means of accessing the Internet. A number of studies published over the past year illustrate this trend, especially among millennials. In addition, improvements to, and greater deployment of this technology by mobile network providers have led to mobile connection speeds that rival fixed broadband connections in some geographies.  LTE-Advanced, which is being rolled out by carriers in countries around the world, provides for download speeds in the hundreds of Mbps range, with the latest Android and Apple devices including support for LTE-Advanced.

Written by Bill Brenner, senior tech writer in the Akamai SIRT

Akamai has officially launched a new Security Intelligence Response Team that combines the resources of Akamai's CSIRT and Prolexic's PLXsert teams, further integrating Prolexic and Akamai security research.

Akamai SIRT is a dedicated group of cyber threat researchers, analysts and incident responders that monitors malicious cyber threats globally and analyzes these attacks using proprietary techniques and equipment. 

Through research, digital forensics, real time and post-event analysis, Akamai SIRT is able to build a global view of security threats, vulnerabilities, tactics, techniques and procedures (TTPs) as well as trends which are shared with customers and the security community. This further enables Akamai to protect customers from a wide variety of attacks ranging from abuse to scrapers to data breaches to hijacking to distributed denial of service.  By identifying the sources and associated attributes of individual attacks, along with expert analysis to identify and mitigate security threats and vulnerabilities, Akamai SIRT helps organizations make more informed, proactive decisions.

As part of that mission, Akamai SIRT maintains close contact with peer organizations around the world, trains Akamai's security teams to recognize and counter attacks from a wide range of adversaries, acts as subject matter experts for customers under attack, and keeps customers and the security community informed by conducting briefings, issuing advisories, publishing threat intelligence, and producing Akamai's State of the Internet Security Report.

The Akamai SIRT protects customers and the broader public by applying security research, intelligence analysis, and Akamai's unique visibility into Internet threats. 

Akamai SIRT publishes its research in the following places:

• The Akamai Community Security Research Space

• The State of The Internet website

• The Akamai Blog

• The Akamai.com security section

Repost from the co.tribute blog: http://info.cotribute.com/featuredcompanies/akamai

Security Threat Landscape - A Year in review
Description: The more you know about the security threat landscape and the mindset of malicious attackers, the stronger your cloud security strategy defense can be. In this session, members of Akamai's threat intelligence team will show how they use their expertise in security research and threat intelligence to stay one step ahead of cyber attackers. Learn about the threat landscape for 2015, emerging attack trends, techniques, toolkits and botnet activity.Session Date/Time: Wednesday Oct 21, 2:40-3:20 p.m.

Akamai Security Intelligence Response Team (SIRT) researchers Larry Cashdollar and Chad Seaman have spent months researching vulnerabilities in plug-ins often used with Wordpress. The results of that research are outlined in the Q2 State of the Internet Report, and an excerpt on the section can be found in this Akamai Blog post. In the following post, Larry shares some tips for researching Wordpress plug-ins.

***

By Larry Cashdollar, Senior Security Intelligence Response Engineer

I've been looking at Wordpress plugin code and discovering new vulnerabilities. The vulnerabilities range from Cross Site Scripting, Remote File Inclusion to blind SQL Injection. I'll admit I've enjoyed this research more than my examination of Ruby Gems because with Wordpress you can easily test a proof-of-concept exploit by setting up a Wordpress installation and testing your code against it.

Each year since 1970, The Banker has published a list of the world's 1000 largest banks, providing a key source of data and analysis for the industry.  As the strategist for financial services for Akamai, I look forward to seeing this new list each summer, watching how Akamai's banking customers move up or down, and tracking our market penetration.  But beyond that, The Banker provides excellent commentary on the shifts in global banking, the forces behind those movements, and the overall health of the sector.

Below is a summary of major points made in The Banker's most recent publication, along with my own thoughts on China.

With the continued growth in online commerce, one of the best ways to anticipate and prepare for the coming holiday season is to look back on what happened in 2014. A recent report from NRF captured data from 2014 holiday activities in North America. At a high level, the report found that consumers are more confident in the economy - leading to a likely increase in spending.

"...Confidence is on the rise -- 49.7% are confident or very confident in the economy, up from 42.2% last year -- and average gas prices are the lowest they've been in six years." 2015 Retail Holiday Planning Playbook, July 2015, National Retail Federation and Prosper Insights & Analytics.

Peak traffic from flash sales or new product launches can be problematic for many retailers during the holidays. With holiday season sales representing 25-35 percent of revenue for many retailers, getting your site prepared for peak can significantly affect your holiday revenue. A website's ability to deliver a great customer experience during peak can hinges on three key areas - infrastructure, application code and CDN configuration.

Though the holidays are still a few months away, now is the ideal time to run a peak threshold load test to determine how many users or how much traffic load you can have on your site before it becomes unresponsive. In a perfect world, everyone would have a staging environment that exactly mirrored their production environment to run this test on but that's not the case for many retailers. First things first for those running tests against your production environment -- make sure you coordinate with your IT teams, datacenter and CDN before and during testing to avoid any interruption to customer traffic. Without proper coordination, you could inadvertently cause a DDoS of your own website!

Stats.  How geeky.  And boring.  I hardly remember anything from basic elementary math, let alone anything to do with statistical analysis at a college / university level.  But it turns out that statistics can be incredibly useful in describing what's happening across a population, such as when you use Real User Monitoring (RUM) to get performance metrics (such as load times) across your user base.

Why is this important?  Glad you asked.  There is well-accepted evidence from some of the largest e-tailers including Amazon and Wal-Mart on the effect of conversions and sales revenues with a site's performance.  Most of this data centers around median scores (in other words, the "average" performance of a page), where an increase (or decrease) in a page's median load times correlate to measurable changes in conversion rates.  The reason why we use median instead of mean is because median is much more resistant to outliers that may markedly affect the "average" number, and hence distort what we perceive as the typical experience when visiting a page.

Scheduling note: I'll be moderating a keynote panel at the Cloud Partners Conference in Boston Wednesday, Sept. 16. The conference is Sept. 16-18 at the Hynes Convention Center.

Panel details:

• Time: 12:30 - 1:30 p.m.
• Topic: Cloud Risk: Hype Vs. Reality
• Description: We'll discuss security best practices in the cloud and hear what is and isn't working for different companies. The ultimate lesson: Cloud security is attainable.
• Moderator: Bill Brenner, Senior Tech Writer, Akamai Security Intelligence Response Team (SIRT)
• Panelists: Andy Daudelin, Vice President, Cloud and Cloud Networking, AT&T, Mike Davis, CTO, CounterTack and Bernie McGroder, Vice President, Sales Engineering, GTT Communications Inc.

I look forward to a great discussion!

Next month, I'll be at the Akamai Edge customer conference. It's a terrific opportunity to meet face-to-face with a lot of our customers and get their feedback on what's working for them and what we can improve upon. A robust Web Security track of talks is planned, and I'll be blogging about it.