With IoT on the rise, consumers are rightfully afraid of privacy invasions. But infected devices can serve far more sinister purposes. Herewith, we break down the ways a botnet works.
August 2017 Archives
The Summer Immersion Program for Girls Who Code at Akamai wrapped up this past week. The girls finished their final projects and presented them at a graduation ceremony attended by friends and family as well as supporters and mentors from Akamai.
You've been dreading the conversation. You know there's no way out of it, given the timeline. Your execs have made it clear that the very large marketing spend is going to hit during the week when two of your engineers were planning to be on vacation.
You've got a brilliant team that has helped you stand up games and keep them working even when the fan excitement threatened to overwhelm your servers. This time, you know the plan is for a global launch, and in the back of your mind you're worried you've underbuilt. There's good reason for this - infrastructure isn't free, and there's no way you'd get the budget to build out to the best case scenario all over the world. This situation is one you've tried to plan for, until the marketing dates moved.
On August 17th, 2017, multiple Content Delivery Networks (CDNs) and content providers were subject to significant attacks from a botnet dubbed WireX. The botnet is named after an anagram of one of the delimiter strings in its command and control protocol. The WireX botnet comprises primarily Android devices running malicious applications and is designed to create DDoS traffic. The botnet is sometimes associated with ransom notes sent to targets.
A few days ago, Google was alerted that this malware was available on its Play Store. Shortly following the notification, Google removed hundreds of affected applications and started the process to remove the applications from all devices.
We just conducted our monthly Cyber Insider discussion, this time focusing on what deep analysis of new core domains reveals about new threats and zero-day malware. As a company that processes 1.7 trillion DNS queries a day and analyzes 100 billion queries a day from our global service provider customers, we are in a unique position to gain insights.
In "What makes a good 'DNS Blacklist'? - Part 1", we explored the background and factors that have gone into Akamai's thinking behind new security products like Enterprise Threat Protect (ETP). This article continues with a list of factors and questions to ask any DNS threat feed provider, including Akamai.
What should enterprises look for in the DNS Threat Policies?
DNS Threat Policies are more than a DNS blacklist. The term "DNS threat policy" refers to a combination of three factors: the reputation of the FQDNs or IP, the reference to the threat vector (C&C, downloader, etc.), and the action (NXDOMAIN, null response, redirect to a remediation page, redirect to a tracker, etc.). A DNS Threat Policy is more than a "threat feed." It is more than a "DNS blacklist."
Reflections on Modern Actionable Threat Intelligence used to turn a DNS Resolver into a Critical Security Tool
Akamai has just launched the Enterprise Threat Protection (ETP) platform. ETP is built on Akamai's global AnswerX Cloud that now reaches 28 countries and is expanding to new countries every month. As a new player in Cloud DNS resolver services, competitors will ask "why Akamai?" or "what gives Akamai the knowledge and capacity to build effective DNS blacklists?" These are good questions from our competition, and are also questions that our customers should ask. Let's explore why Akamai is in a unique position to help enterprises and carriers use Akamai's Cloud Security Intelligence (CSI) as a DNS Security Policy tool.
Week 6 of the Girls Who Code summer-immersion program at Akamai featured a field trip to IBM's Watson Health, where the girls learned about the concept of "cognitive computing," and how this technology is being used by IBM to help doctors help their patients. The girls met some of the women at IBM who are making this technology a reality.
We are often so caught up in our own realities that we miss obvious similarities or synergies. Luckily, when various people look at the same situation, different perspectives emerge. I was reminded of that recently during a conversation with one of our large pharma customers.
Akamai helps our customers fully embrace the transition of their users and applications to the cloud. For most, even if their apps aren't in the cloud yet, end users expect to access them from their favorite managed and unmanaged devices as if they were.
[Me]: To keep your players happy - you need to understand why they're not.
[You]: Uh, yeah obviously. Thanks. So what?
Actually, I have a lot to say on the topic of keeping players happy. A few months back I wrote a quick post about Friction.
"Don't work for recognition, but do work worthy of recognition" - H. Jackson Brown.
A friend sent this quote to me after I explained to her my ambivalence about being recognized by Gartner as a "Leader" in their Web Application Firewall Magic Quadrant. I had mixed feelings because I wanted to believe that I knew the market, I knew our competitors, and I certainly already knew what our customers were telling us about our Web Application Firewall. Our customers are happy. The product is getting better. Market share is growing in a growing market. I didn't need someone else to tell me we were a leader! In other words, like most - if not all - of my colleagues and friends, I want to feel intrinsic pride in the work that I do.
Week 5 of the Girls Who Code program at Akamai was action-packed. The class attended a user experience (UX) workshop onsite at Akamai's headquarters in Cambridge, Mass. The instructors, formerly of Twitter and currently Google UX experts, led the girls through an activity in which they designed their own photo-sharing application.
For many years, ISPs in certain parts of the world have been required by their regulators/governments to redirect certain websites that were deemed malicious or suspicious. DNS offered a straightforward way to do this, and Nominum, a DNS company now part of Akamai, developed an early mechanism using a DNS zone file that made it simple for ISPs to comply. The technology was originally named "Malicious Domain Redirection" (MDR), and it basically allowed DNS server operators to perform a single action for a given domain name. Actions could be categorized so that each action or redirection did not have to be repeated.
A couple of weeks ago, I posted a blog entry that is a follow-up to an article I published in Information Security Magazine. In that post I wrote about collecting phishing samples and identifying domain squatters that might be looking to harvest information from their target. This is the final blog entry derived from that article, and I'll be discussing a phenomenon that has been dominating the media recently - Fake News.
The summer is flying by, and we have reached the mid-point of our Girls Who Code Summer Immersion program. Our students are smart, engaged, learning a ton, and seem to be having a lot of fun!
It's summer, which means it's time for hitting the beach, enjoying outdoor barbecues with friends and family, going hiking, biking, and kayaking, and savoring cold craft beers. But for savvy retailers like you, summer is the ideal time to start getting your apps, websites and infrastructure ready for the holidays.
One of my responsibilities as a member of the Akamai Security Intelligence Response Team (SIRT) is to research new web application vulnerabilities. For the last year, I have focused on WordPress plugin vulnerabilities, and looking for any interesting code tidbits in my box of WordPress toys. There are almost 50,000 WordPress plugins (at time of publication), and WordPress is the Content Management System (CMS) of choice for over 30 million websites. This creates a very large Internet footprint. I've been asked if I have any 0days or interesting research tidbits that I've come across and would be willing to share. The answer is, "No, I don't have high value 0days to sell on the dark web!"