Akamai Diversity
Home > March 2018

March 2018 Archives


Overview

Credential abuse (CA) is a trend that is here to stay. It affects almost every one of us. There are attackers trying to break into every online account and the vast majority of these attacks are happening silently in the background. In the past, credential abuse tools were written and distributed in closed forums and among air-gapped societies. Now, they are widely available; there is a highly active market trade of "cookbooks" - configurations and instructions on how to perform successful logins against a website.

 

Illuminating the Path to Digital Maturity

Research By Akamai and Forrester Sheds New Light on Digital Experience Challenges and Opportunities

Nearly every business today is striving to create and deliver digital experiences that stand apart. But it's no small task turning those visions into reality. Moreover, there's little room for error. Complicating matters is the never-ending introduction of new technologies, approaches, opportunities, and challenges.

Zero Trust and the Slowly Boiled Frog

Disclaimer: No actual frogs were harmed in the writing of the blog post. We wouldn't do that. We like frogs.

What is Zero Trust Networking?

The Zero Trust security model was proposed by John Kindervag of Forrester Research back in 2010. The concept is that the traditional trust model of "trust, but verify" is no longer valid; instead we should "never trust, always verify".

By Arlen Frew 

Top-level Domain (TLD) operators are focused on making the Internet a better and safer place, enabling name registrations, and maintaining the DNS namespace in support of their stakeholders.  The entire Internet ecosystem, including TLDs, is always looking for ways to improve security. This is especially important as everyone and everything gets connected and awareness of the adverse impact of malicious online activity increases.  Some TLD operators are also looking for ways to supplement their revenue streams to better serve the breadth of economic, cultural, and linguistic needs of their constituents, and to meet policy requirements unique to their region or vertical emphasis.

Days of clear-text HTTP, the original but insecure foundation for data communication over the web, are numbered. Over the past few years, Google (and others such as the Internet Architecture Board, Mozilla, and Apple) have nudged developers to encrypt and authenticate their websites using HTTPS which layers HTTP over TLS (Transport Layer Security). This includes measures such as ranking HTTP sites lower in Google search results, not supporting powerful features such as geolocation and service workers, and marking a large subset of HTTP sites as "not secure". As a result, there has been a significant increase in the adoption of HTTPS, resulting in a more secure World Wide Web.

memcached, now with extortion!

Over the past week, memcached reflection attacks have taken the DDoS scene by storm.  With several attacks hitting organizations across many industries, including a record breaking 1.3Tbps attack against an Akamai customer.  Akamai has observed a new trend in extortion attempts using memcached payloads to deliver the message.

 

Memcached-fueled 1.3 Tbps attacks

At 17:28 GMT, February 28th, Akamai experienced a 1.3 Tbps DDoS attack against one of our customers, a software development company, driven by memcached reflection. This attack was the largest attack seen to date by Akamai, more than twice the size of the September, 2016 attacks that announced the Mirai botnet and possibly the largest DDoS attack publicly disclosed. Because of memcached reflection capabilities, it is highly likely that this record attack will not be the biggest for long.