Akamai Diversity
Home > Or Katz

Recently by Or Katz

Phishing is an extremely common attack vector that has been used for many years, and the potential impact and risks involved are well known to most Internet users. Despite this, phishing is still a highly relevant attack method being used in the wild, affecting many people. The question is, how can a security threat continue to have a significant impact, even though many Internet users know about the risks and potential impact? Akamai's Enterprise Threat Research team decided to dive deeper into several recent phishing scams to provide insights into the modern phishing scam landscape and what makes these campaigns an effective and an ongoing security threat.

Gone Phishing For The Holidays

Written by Or Katz and Amiram Cohen

Overview:

While our team, Akamai's Enterprise Threat Protector Security Research Team, monitored internet traffic throughout the 2017 holiday season, we spotted a wide-spread phishing campaign targeting users through an advertising tactic. During the six week timeframe, we tracked thirty different domains with the same prefix: "holidaybonus{.}com". Each one advertised the opportunity to win an expensive technology prize - a free iPhone 8, PlayStation 4, or Samsung Galaxy S8.

The websites associated with this phishing campaign used a combination of social engineering techniques such as creating trust (by using the reputation of well-known companies) and dismantling suspicion (through IP verification and social sharing). They lead users to willingly give away sensitive information by asking them to answer three trivia questions and submit their email address in order to win one of the offered prizes.

 

Fast Flux Botnet: Research Results

Just like that, another Akamai Edge has come and gone. If you were able to join us this year, I hope you had a chance to stop by my presentation on Threat Intelligence Insights: An In-Depth Analysis of a Fast Flux Botnet.

Written by Or Katz and Raviv Perets

A widespread phishing scam that offers free airline tickets has been spotted in the wild by Akamai's Enterprise Threat Protector (ETP) security research team. The campaign uses a number of social engineering techniques to trick people into providing their private information. When someone clicks on the link in the phishing email, they are taken to a dedicated website that tells them they have "won" two free airline tickets.

Overview

Can you imagine anyone buying a car without airbags and without seat belts? I bet you can't!

So why is it that we buy computers without Antivirus software already installed, home routers without a firewall already installed or connected devices (IoT) that are lacking proper security controls?

Improving Credential Abuse Threat Mitigation

Have you ever tried to login to your favorite website and mistakenly typed the wrong user name and password once, or even twice? I bet you have. And what about submitting a third consecutive false attempt? In most cases, at that point a secure website will start questioning the integrity of your actions. 

From a defense point of view, websites should suspend and limit false login attempts to confirm authenticity once abnormal usage is detected.

The Year of Attacking "Things"

Yearly Review

2016 was an exciting year; a year in which hazards related to the Intent of Things (IoT) became trendy small talk in many living rooms around the world. For us, the members of the InfoSec community, it was the year when the security risks of IoT devices evolved from being theoretical to becoming a practical problem to us all. It was the year in which we all realized that the lack of security surrounding IoT is not just a liability on the consumer owning the device, it is a problem for the entire Internet.

Yes, My Name is ||

Boolean Operator

Different cultures and nationalities have different naming conventions; I came from a one that led me to face the universe with a personal name "Or". I fact, my name has different meanings in different languages. In English the meaning of "Or" is function word that indicate alternatives and in computer coding languages the name "Or" is being used as Boolean operator that enable us to write conditions in our code. 

Keeping an Eye on Credential Abuse Attacks

Akamai Edge conference is here and I'm really excited to share some of my insights and thoughts about credential abuse attacks in my session "Akamai Threat Research into Credentials Abuse".

Credential abuse attacks become a common disturbing threat in recent years, a successful credential abuse attack campaign can result with a potential damage that include losing access and control over the accounts, data breach and even fraudulent transactions.

A year ago Akamai's Threat Research Team exposed a "Blackhat Search Engine Optimization (SEO)" attack campaign. The goal of the campaign was to manipulate search engines rankings and grow visibility for a web site that allows users to share their cheating and infidelity stories.

<< 1 2 3