Akamai Diversity
Home > May 2017

May 2017 Archives

The Domain Name System - the DNS - is the foundation of the internet. Beyond connecting IP addresses with web requests, DNS provides the basis for both the detection of and protection from global cyberthreats before they reach an organization's corporate network resources --particularly given that more than 90% of malware uses DNS for command and control. This presents a tremendous opportunity for service providers to utilize their DNS infrastructure to provide security services to their business customers, which have a tremendous need for stronger, more proactive cyber protection.

The State of the Internet Report is growing up - with this issue, it enters its tenth year of publication.  Over time, it has matured in many ways, including its length, design, and the content it includes.  Looking back at that first issue (all 17 pages of it), for the first quarter of 2008, we find that the report covered:

Overview

Can you imagine anyone buying a car without airbags and without seat belts? I bet you can't!

So why is it that we buy computers without Antivirus software already installed, home routers without a firewall already installed or connected devices (IoT) that are lacking proper security controls?

With cyberattacks affecting SMBs at an alarming rate, business owners are challenged with putting strong enough security in place to protect them from the average $20,000 price tag per incident. Ransomware, in particular, has hit the SMB sector hard. As stated in a recent study by Arctic Wolf Networks, last year saw a 433% increase in ransomware attacks against SMBs1 - a number that is expected to grow.

Written by Avi Aminov and Or Katz

Overview

Imagine you are standing in the middle of a crowded train station and want to have a private conversation with an old friend. You've been waiting for the perfect time to contact him and get some advice on how to move forward with some important life choices.

But you couldn't wait any longer, and now you're on a train platform. There are many people around you. They're watching every move you make and listening to each word you say. You really, really need this conversation to be private!

Last time I talked about how a proactive approach to defending against targeted threats using cloud-based recursive DNS and threat intelligence just makes sense. Taking this proactive approach early in the killchain can help mitigate known and unknown threats before any IP connection, file download or execution even happens.

So, what are some of the common targeted threats and/or DNS-based techniques that we run across? We generally see malware, ransomware, and phishing. Most of which leverage some form of command and control (C2) callbacks. We also observe plenty of blacklist evasion and some cases of DNS based data exfiltration - all helped along by a general lack of visibility into enterprise DNS traffic.

Taking a Defense in Depth Approach to Ransomware

By now you've most likely heard about the WannaCry (a.k.a. WannaCrypt) ransomware that began wreaking havoc in parts of the world this past Friday (May 12, 2017). Given Nominum's, now part of Akamai, broad, deep view into DNS data from our service provider customers around the world, we were able to gather insights into how WannaCry made its way onto subscriber networks around the globe (see the WannaCry: views from the DNS frontline in our Data Science blog for more thoughts).

WannaCry: What We Know

On Friday, May 12, news agencies around the world reported that a new ransomware threat was spreading rapidly. Akamai's  incident response teams and researchers worked quickly to understand this new threat and how to mitigate it. This blog post is a summary of what Akamai knows at this point.

Remember that this is still an evolving threat and this information may change.

Akamai will update this post as we collect new information.

DDoS Attacks against DNS Infrastructure in the News

DNS-based DDoS attacks have gained mindshare among Akamai customers lately, most recently with last year's Dyn attacks (written about on the Akamai Blog here and here) and this week's attack against Cedexis. DNS infrastructure is a ripe target for malicious actors hoping to disrupt a digital property's availability because it provides the initial resolution for an end user's browser client from hostname to IP address. At best, an attack against your DNS records can significantly delay an end user's connection. At worst, it can render your application inaccessible to the end user, either through a denial of service or through a DNS record hijack or forgery. DNS attacks have consistently been one of the top attack vectors for DDoS, according to Akamai's recent security data.

From "New Core Domains" to "Zero-day Attacks"

Excerpted from Nominum Spring 2017 Security Report

In late April, we released the Nominum Spring 2017 Security Report, the latest report on our security research team's DNS and HTTP analysis which provides a comprehensive view of the current cyberthreat landscape. In the report, we take a look at "new core domains" and how they help us identify "zero-day attacks" so we can take steps mitigate them.

As technology continues to develop, more and more applications become not just convenient, but necessary. It was less than a decade ago that it was inconceivable we would 'need' to carry a consumer device to access the internet in our pockets. Today, it is essential. The same is true with the applications we use for business, commerce and government. They need to be accessible in our pockets 24/7.

Along with this convenience comes the hassles of securely gaining access to these applications, and to do so without putting the security of important organizational data at risk.

Not all Cloud Solutions are Created Equal

The errant swing of a backhoe in a New Jersey field cuts through a major cloud provider's underground cable, bringing activity along the U.S. Eastern Seaboard to a crashing halt.

The outage hits some businesses hard. Every minute of downtime means thousands of dollars of lost revenue and hordes of angry users. But they've no choice but to wait until crews physically arrive on site to repair the cable before business can resume.

Other businesses don't notice a thing. The dollars continue to roll in.

Both groups of businesses rely on cloud solutions for their workflows. So what's the difference?

Akamai IT Challenge - 100 apps on EAA in 100 days

About a month or so ago I shared a quick video interview with Joe DeFelice. Joe is a Sr. Director Enterprise Security & Infrastructure Engineering here at Akamai. In the video Joe outlines a few of the major initiatives he and the team are working on, including moving towards eliminating the VPN.

Since then quite a lot has happened. In particular the challenge that Joe set his team - move delivery and access of 100 Akamai enterprise applications to Enterprise Application Access, all in 100 days.

Akamai Wins with Live OTT at NAB

The latest version of Akamai's Media Services Live streaming solution, featuring the addition of new liveOrigin capabilities specifically for live and 24/7 linear OTT video delivery, earned two awards at last week's 2017 NAB Show in Las Vegas. Streaming Media named it one of its six "Best of NAB" products while TV Technology recognized it with a "Best of Show" award.

There's no doubt the at-show demonstration was key to helping garner those accolades. We were pleased to partner with Playmaker Media, the live streaming and VOD technology service launched last year by NBC Sports Digital, to feature a live OTT feed of NBC Sports Network streaming via Apple TV displayed adjacent to a local Las Vegas cable feed being delivered through a standard set-top box (for the record, the monitors and calibration were identical).