Akamai Diversity
Home > Bill Brenner

Recently by Bill Brenner

We continue to preview sections of the Q1 2015 State of the Internet Security Report due out later this month.So far, we've told you about the continuing trend of website defacements and DNS Hijacking, the potential security risks of widespread IPv6 adoption, and the significance of a 100 GBPS attack.

Among the Q1 2015 highlights:

  • We saw a record number of DDoS attacks recorded on the Prolexic network - more than double what was reported in Q1 2014.
  • The profile of typical attacks changed. 
  • Last year, high bandwidth, short-duration attacks were the norm. This time, the typical DDoS attack was less than 10 Gbps and lasted for more than 24 hours. 
  • SSDP attacks -- absent in Q1 2014 -- came on strongly in Q1 2015. 
  • The proliferation of unsecured home-based, Internet-connected devices using the Universal Plug and Play (UPnP) Protocol has made them attractive attack targets. 

DD4BC Escalates Attacks

DD4BC, a malicious group responsible for several Bitcoin extortion campaigns last year, is expanding its extortion and distributed denial of service (DDoS) campaigns. In recent days, Akamai has had to protect a growing number of customers from these attacks.

Researchers from Akamai's PLXsert and CSIRT teams continue to research DD4BC's threats and attack activity, and this afternoon released a new bulletin to Akamai customers through the company's Luna portal and Akamai Community.

May OWASP Boston Meeting at Akamai

The Open Web Application Security Project (OWASP) Boston chapter will hold it's monthly meeting Wednesday night at Akamai headquarters. Details below.

SOURCE Boston Agenda - May 27-28, 2015

SOURCE Boston will be held later this month at the Marriott Courtyard. Several people from Akamai InfoSec will be there volunteering, working the Akamai booth and attending talks. The full agenda is below.

BSides Boston 2015: Agenda

BSides Boston is Saturday at Microsoft, 1 Cambridge Center. Several people from Akamai InfoSec will be there volunteering, working the Akamai booth and attending talks. The full agenda is below.

Videos: Akamai at #RSAC 2015

Tenable Network Security commissioned media pro David Spark to produce videos during RSA Conference and BSidesSF 2015. His lens caught a lot of Akamai. Here are some particularly good interviews.

Q1 2015 SOTI Preview: Cruel (SQL) Intentions

The Q1 2015 State of the Internet - Security Report is due out next month, and we spent much of last week's RSA Conference 2015 previewing sections. We continue doing so today.

Last week we reviewed the significance of a 100 GBPS attack, the continuing trend of website defacements and DNS Hijacking, and the potential security risks of widespread IPv6 adoption. Today, we look at an analysis of SQL injection attacks based on data from Akamai's Kona Site Defender web application firewall (WAF).

RSA 2015 Video: Four Cloud Mistakes to Avoid

Tenable Network Security commissioned media pro David Spark to produce videos during RSA Conference and BSidesSF 2015. Along the way, he caught up with Akamai Security Advocate Dave Lewis and myself. Here's the resulting interview.


Live from RSA 2015: Security Kahuna Podcast

State of the Internet Security Podcast Host Bill Brenner catches up with Akamai security advocates Dave Lewis and Martin McKeay.

Friends and industry colleagues, the trio dissects RSA 2015 from a security expert perspective. Over the last few years, the RSA conference been considered an insider event with a structured theme and coinciding messaging - Brenner and team discuss the expansion of RSA into a major event lacking central messaging.

In addition to discussing the changes observed at RSA 2015, Brenner also discusses with McKeay and Lewis the future for RSA in events to come and how businesses are evolving to adapt to customers and prospects who attend.

DD4BC Operation Profile [Medium Risk]

Update: In an earlier version of this bulletin, we discussed how chaotic actors were exploiting Google services as part of their operations. Some have misconstrued it as Google backing a botnet. To be clear, Google has no part in this activity, and certainly does not condone such activity.

DD4BC, a malicious group responsible for several Bitcoin extortion campaigns last year, is expanding its extortion and distributed denial of service (DDoS)
campaigns to target a wider array of business sectors. In recent days, two Akamai customers have fallen into its crosshairs.

Akamai's Prolexic Security Engineering and Research Team (PLXsert) has conducted new research into DD4BC in recent weeks.

DD4BC appears to use Google IP address ranges, and in some cases AppEngine instances, in its attacks. It appears to use common UDP reflection DDoS attack techniques, as well as SYN floods that spoof Google crawler IP addresses, to mask the malicious traffic.

In one threat, DD4BC claimed it had the firepower to launch 400+ Gbps DDoS attacks, though there is no concrete proof it could carry out an assault of that size.

Late last year, the group repeatedly tried to blackmail Bitcoin exchanges and gaming sites - threatening victims with DDoS attacks in order to extort bitcoins.

Campaigns typically consisted of an email informing the victim that a low-level DDoS attack was underway against the victim's website. Emails explained that the DDoS activity could be observed in server logs at low levels in order to not interrupt the victim's operations. Following this explanation, DD4BC demanded a ransom paid in bitcoins in return for protecting the site from a larger DDoS attack capable of taking down the website.