Akamai Diversity
Home > September 2015

September 2015 Archives

Ghosts Haunt Internet II: Android Malware

<p>Android fans were probably chuckling over the XcodeGhost malware news - hackers don't often penetrate Apple's defenses. This provoked the Nominum, now part of Akamai, Data Science team to take a look at what's happening with malware targeting Android. Common wisdom is Android is exposed because there's less rigor in the development and supply chain, and third-party app stores with no protections are popular. Determined hackers can allegedly subvert defenses and get various kinds of exploits placed on mobile devices running the highly popular operating system. But what does the data show?</p>

Akamai at Velocity New York - See You at Kiosk #22!

We're counting down the days to Velocity New York (October 12-14) where Akamai will join web performance and DevOps experts from some of the most innovative companies in the world. Come by kiosk #22 to see the Akamai team and get a preview version of our upcoming High Performance Images O'Reilly book or see how we can help your site achieve peak performance.
The calendar may read September but for the retail industry, it's time to start preparing for holiday season, as traffic volumes to their websites and apps will start to increase. While increase in traffic volumes can certainly correlate to positive impact in sales, surges in activity can also result in downtime, if retailers are not ready for it.

Bringing the Akamai CDN to Microsoft Azure Customers

While this year's Super Bowl XLIX pitted two powerhouse teams from Seattle and Boston squarely against one another, behind the scenes two other notable Seattle and Boston organizations worked closely to help ensure viewers could enjoy the game live online. The Super Bowl is just one of many of the major online events upon which 

Microsoft and Akamai have collaborated, with others including the Sochi Winter Olympics and Brazil World Cup.

XOR DDoS Threat Advisory

By Bill Brenner, Akamai SIRT Senior Tech Writer

Akamai's Security Intelligence Response Team (SIRT) is tracking XOR DDoS, a Trojan malware attackers are using to hijack Linux machines to include within a botnet for distributed denial of service (DDoS) campaigns. To date, the bandwidth of DDoS attacks coming from the XOR DDoS botnet has ranged from a few gigabits per second (Gbps) to 150+ Gbps. The gaming sector is the primary target, followed by educational institutions. Akamai SIRT released a threat advisory this morning authored by Security Response Engineer Tsvetelin "Vincent" Choranov.

Akamai, iOS 9 and App Transport Security (ATS)

For app developers who use or are looking to use Akamai application acceleration services, we've provided the following information to help you understand how our services comply with Apple iOS 9 App Transport Security (ATS) requirements. 

Helpful Links:

Security Kahuna Podcast, Sept. 2015

In this episode, Bill Brenner, Martin McKeay and Dave Lewis discuss DEF CON 2015 in terms of content and substance. One of the hot-button topics discussed at DEF CON and other security events is the hacking of IOT devices, including smart cars, and the group analyzes the research necessary into possible vulnerabilities. The trio also discusses changes for the State of the Internet Security Report, beginning in Q3 2015, including reorganization of case studies and the inclusion of new data and new voices to represent different aspects of security.

XCodeGhost Haunts the 'Net

The DNS offers visibility into many kinds of Internet trends including various security threats. We've reported extensively on DNS DDoS and Nominum, now part of Akamai, Data Science also tracks botnet activity. In this case queries for Command and Control (C&C) domains for the recently disclosed XcodeGhost malware were observed in September. Infected development tools were reported to have been used for the popular iOS app WeChat.

Refining the State of the Internet Report

Over the last several years, many users have adopted mobile devices, including smartphones and tablets, as their primary means of accessing the Internet. A number of studies published over the past year illustrate this trend, especially among millennials. In addition, improvements to, and greater deployment of this technology by mobile network providers have led to mobile connection speeds that rival fixed broadband connections in some geographies.  LTE-Advanced, which is being rolled out by carriers in countries around the world, provides for download speeds in the hundreds of Mbps range, with the latest Android and Apple devices including support for LTE-Advanced.

Meet Akamai's Security Intelligence Response Team

Written by Bill Brenner, senior tech writer in the Akamai SIRT

Akamai has officially launched a new Security Intelligence Response Team that combines the resources of Akamai's CSIRT and Prolexic's PLXsert teams, further integrating Prolexic and Akamai security research.

Akamai SIRT is a dedicated group of cyber threat researchers, analysts and incident responders that monitors malicious cyber threats globally and analyzes these attacks using proprietary techniques and equipment. 

Through research, digital forensics, real time and post-event analysis, Akamai SIRT is able to build a global view of security threats, vulnerabilities, tactics, techniques and procedures (TTPs) as well as trends which are shared with customers and the security community. This further enables Akamai to protect customers from a wide variety of attacks ranging from abuse to scrapers to data breaches to hijacking to distributed denial of service.  By identifying the sources and associated attributes of individual attacks, along with expert analysis to identify and mitigate security threats and vulnerabilities, Akamai SIRT helps organizations make more informed, proactive decisions.

As part of that mission, Akamai SIRT maintains close contact with peer organizations around the world, trains Akamai's security teams to recognize and counter attacks from a wide range of adversaries, acts as subject matter experts for customers under attack, and keeps customers and the security community informed by conducting briefings, issuing advisories, publishing threat intelligence, and producing Akamai's State of the Internet Security Report.

The Akamai SIRT protects customers and the broader public by applying security research, intelligence analysis, and Akamai's unique visibility into Internet threats. 

Akamai SIRT publishes its research in the following places:

Webinar: Threats to Success in the Gaming Industry

We have a great webinar coming up on Sept 29th at 2pm EST - Threats to Success in the Gaming Industry. We'll be exploring gaming business challenges; this video tells you a bit more about our upcoming session. 

I hope you'll join us. Learn more and register to attend at: www.akamai.com/gamingwebinar

Nelson Rodriguez is Senior Marketing Manger for Games at Akamai. 

The STEM of Akamai's Success

Repost from the co.tribute blog: http://info.cotribute.com/featuredcompanies/akamai

* * * * *

Akamai Technologies, Inc. is the global leader in Content Delivery Network (CDN) services, and has been since 1998 when it was incorporated by Dr. Tom Leighton and Danny Lewin. The company is a product of the annual MIT $50K Entrepreneurship Competition of 1997, during which Leighton and Lewin realized the potential in the Internet content delivery market and development efforts began in earnest in 1998. Their most notable, early achievements include March Madness, Star Wars trailers and Yahoo!. Named one of the 100 Best Places to Work by Computerworld, Akamai is the next company featured in the Purpose Driven Workplaces highlight. We spoke with Noelle Faris, a Principal of Investor Relations and President of the Akamai Foundation (the charitable arm of the organization) to discuss Akamai's corporate giving practices. 

Edge 2015: Security Threat Landscape - A Year in review

A quick scheduling note ahead of Akamai Edge 2015: I'll be moderating a panel with fellow Akamai security researchers about the various trends we've been tracking in the last 12 months. If you're at Edge, please join us.

Security Threat Landscape - A Year in review
Description: The more you know about the security threat landscape and the mindset of malicious attackers, the stronger your cloud security strategy defense can be. In this session, members of Akamai's threat intelligence team will show how they use their expertise in security research and threat intelligence to stay one step ahead of cyber attackers. Learn about the threat landscape for 2015, emerging attack trends, techniques, toolkits and botnet activity.Session Date/Time: Wednesday Oct 21, 2:40-3:20 p.m.

The talk is part of a robust security track scheduled for this year. 

Researching WordPress Plugin Flaws

Akamai Security Intelligence Response Team (SIRT) researchers Larry Cashdollar and Chad Seaman have spent months researching vulnerabilities in plug-ins often used with Wordpress. The results of that research are outlined in the Q2 State of the Internet Report, and an excerpt on the section can be found in this Akamai Blog post. In the following post, Larry shares some tips for researching Wordpress plug-ins.


By Larry Cashdollar, Senior Security Intelligence Response Engineer

I've been looking at Wordpress plugin code and discovering new vulnerabilities. The vulnerabilities range from Cross Site Scripting, Remote File Inclusion to blind SQL Injection. I'll admit I've enjoyed this research more than my examination of Ruby Gems because with Wordpress you can easily test a proof-of-concept exploit by setting up a Wordpress installation and testing your code against it.

Recap of "The Banker: Top 1000 World Banks 2015"

Each year since 1970, The Banker has published a list of the world's 1000 largest banks, providing a key source of data and analysis for the industry.  As the strategist for financial services for Akamai, I look forward to seeing this new list each summer, watching how Akamai's banking customers move up or down, and tracking our market penetration.  But beyond that, The Banker provides excellent commentary on the shifts in global banking, the forces behind those movements, and the overall health of the sector.

Below is a summary of major points made in The Banker's most recent publication, along with my own thoughts on China.

9-11 Anniversary: Danny Lewin's Life and Legacy

Today is the 14th anniversary of the Sept. 11, 2001 terrorist attacks. To mark the occasion, I'd like to share this post from 2013, in which Akamai CEO Tom Leighton and CSO Andy Ellis share memories of co-founder Danny Lewin -- including his tragic death aboard American Airlines Flight 11 that tragic day. They shed more light into Akamai's actions that day, which kept the Internet running in the face of crushing demand for information.

The interviews coincided with the release of a book about Danny called "No Better Time: The Brief, Remarkable Life of Danny Lewin, The Genius Who Transformed The Internet."

With the continued growth in online commerce, one of the best ways to anticipate and prepare for the coming holiday season is to look back on what happened in 2014. A recent report from NRF captured data from 2014 holiday activities in North America. At a high level, the report found that consumers are more confident in the economy - leading to a likely increase in spending.

"...Confidence is on the rise -- 49.7% are confident or very confident in the economy, up from 42.2% last year -- and average gas prices are the lowest they've been in six years." 2015 Retail Holiday Planning Playbook, July 2015, National Retail Federation and Prosper Insights & Analytics.

Mentoring with Girls Who Code

This summer was an educational summer for me.  When I saw that Akamai was hosting a Girls Who Code session this summer, I couldn't have been more excited to contribute to the program.  
I volunteered as a mentor for the summer, but I would be mentoring in a way I never had before.  I've spent a summer teaching middle school students about Newtonian mechanics and how to program in C, but this was a new dimension of mentoring for me.  Instead of developing technical skill or intuition, I would be talking through the experience of a woman in tech.

Peak traffic from flash sales or new product launches can be problematic for many retailers during the holidays. With holiday season sales representing 25-35 percent of revenue for many retailers, getting your site prepared for peak can significantly affect your holiday revenue. A website's ability to deliver a great customer experience during peak can hinges on three key areas - infrastructure, application code and CDN configuration.

Though the holidays are still a few months away, now is the ideal time to run a peak threshold load test to determine how many users or how much traffic load you can have on your site before it becomes unresponsive. In a perfect world, everyone would have a staging environment that exactly mirrored their production environment to run this test on but that's not the case for many retailers. First things first for those running tests against your production environment -- make sure you coordinate with your IT teams, datacenter and CDN before and during testing to avoid any interruption to customer traffic. Without proper coordination, you could inadvertently cause a DDoS of your own website!

No Matter How Different the Underlying Business Issues, Many of the Challenges are "Identical". 
Here's an example of a typical networking conversation you'll encounter at Akamai Edge Healthcare Forum

Learn more about Edge and register here.

Ginny Carpenter is the manager of industry marketing for healthcare at Akamai.

Descriptive Statistics for #WebPerf

Stats.  How geeky.  And boring.  I hardly remember anything from basic elementary math, let alone anything to do with statistical analysis at a college / university level.  But it turns out that statistics can be incredibly useful in describing what's happening across a population, such as when you use Real User Monitoring (RUM) to get performance metrics (such as load times) across your user base.

Why is this important?  Glad you asked.  There is well-accepted evidence from some of the largest e-tailers including Amazon and Wal-Mart on the effect of conversions and sales revenues with a site's performance.  Most of this data centers around median scores (in other words, the "average" performance of a page), where an increase (or decrease) in a page's median load times correlate to measurable changes in conversion rates.  The reason why we use median instead of mean is because median is much more resistant to outliers that may markedly affect the "average" number, and hence distort what we perceive as the typical experience when visiting a page.

Akamai at Cloud Partners Conference

Scheduling note: I'll be moderating a keynote panel at the Cloud Partners Conference in Boston Wednesday, Sept. 16. The conference is Sept. 16-18 at the Hynes Convention Center.

Panel details:
  • Time: 12:30 - 1:30 p.m.
  • Topic: Cloud Risk: Hype Vs. Reality
  • Description: We'll discuss security best practices in the cloud and hear what is and isn't working for different companies. The ultimate lesson: Cloud security is attainable.
  • Moderator: Bill Brenner, Senior Tech Writer, Akamai Security Intelligence Response Team (SIRT)
  • Panelists: Andy Daudelin, Vice President, Cloud and Cloud Networking, AT&T, Mike Davis, CTO, CounterTack and Bernie McGroder, Vice President, Sales Engineering, GTT Communications Inc.

I look forward to a great discussion!

Akamai Edge 2015 Cloud Security Track

Next month, I'll be at the Akamai Edge customer conference. It's a terrific opportunity to meet face-to-face with a lot of our customers and get their feedback on what's working for them and what we can improve upon. A robust Web Security track of talks is planned, and I'll be blogging about it. 

The security track will run each day of Edge. Here's a tentative look at some of the discussions we have planned.

"If you want to go somewhere, it's best to find someone who has already been there."
The ability to network with your peers in the healthcare industry is one of the #1 benefits of attending Akamai Edge Healthcare Forum.

Learn more about Edge and register here.

Ginny Carpenter is the manager of industry marketing for healthcare at Akamai.