Recently in DNS Category

By Arlen Frew 

Top-level Domain (TLD) operators are focused on making the Internet a better and safer place, enabling name registrations, and maintaining the DNS namespace in support of their stakeholders.  The entire Internet ecosystem, including TLDs, is always looking for ways to improve security. This is especially important as everyone and everything gets connected and awareness of the adverse impact of malicious online activity increases.  Some TLD operators are also looking for ways to supplement their revenue streams to better serve the breadth of economic, cultural, and linguistic needs of their constituents, and to meet policy requirements unique to their region or vertical emphasis.

The Internet was designed to share data, but sometimes the paths that enable it are blocked. When it comes to bad actors - that's a good thing. Most companies today have a Data Loss Prevention (DLP) policy to accompany their web proxies and firewalls. Some of them think this is the best way to stop data exfiltration and monitor what is going in and out of their employee's internet devices. But is this enough?

Carriers providing value-added services need to protect both their network infrastructure and their end-customers from internet threats. New threats are constantly emerging but remodeling your security architecture to address each new threat may leave gaps in your security coverage.  Bolting-on third party products to fill gaps isolates your core architecture from change but creates complexity and management challenges such as multiple operating consoles and data integration barriers.  Are carriers fighting a losing battle?

Great news: If you're a security professional, your skills have never been more in demand. On the flip side, if you're looking for security talent, the search will likely be lengthy and difficult.

ISACA predicts that by 2019 there will be a shortage of two million cyber security professionals globally. And in a survey released by ESG and ISSA in November 2017, 70% of respondents stated that security skills shortages were impacting their organization. The survey also highlighted that highly- experienced staff were overloaded dealing with urgent security events that left them little time to focus on security strategy or training.

Let me start by posing a question: If in one week security solution A produces 120 alerts and security solution B produces 45 alerts, which solution is providing you with more effective protection? The answer is: It depends.

On the face of it, solution A appears to be more effective because it's delivering more alerts than solution B. But what if solution A is actually delivering a considerable number of alerts that don't represent a real security risk to the organization, or in other words, are false positive alerts?

Written by Or Katz and Amiram Cohen

Overview:

While our team, Akamai's Enterprise Threat Protector Security Research Team, monitored internet traffic throughout the 2017 holiday season, we spotted a wide-spread phishing campaign targeting users through an advertising tactic. During the six week timeframe, we tracked thirty different domains with the same prefix: "holidaybonus{.}com". Each one advertised the opportunity to win an expensive technology prize - a free iPhone 8, PlayStation 4, or Samsung Galaxy S8.

The websites associated with this phishing campaign used a combination of social engineering techniques such as creating trust (by using the reputation of well-known companies) and dismantling suspicion (through IP verification and social sharing). They lead users to willingly give away sensitive information by asking them to answer three trivia questions and submit their email address in order to win one of the offered prizes.

By Yohai Einav, Amir Asiaee, Ali Fakiri-Tabrizi and Alexey Sarychev

Originally Posted on January 4, 2018

Earlier this month we took our show on the road, presenting some of our team's work at the Botconf conference in beautiful Montpellier, France. We could talk here for hours about the food, wine, culture, etc., but it would probably be more plausible for our readers to learn about the current developments in the war against bots first. So we'll start with that and perhaps get to the food discussion in the appendix.

By Hongliang Liu and Yuriy Yuzifovich

Originally posted on December 29, 2017 

Today's post is all about DGA's (Domain Generation Algorithms): what they are, why they came into existence, what are some use cases where they are used, and, most importantly - how to detect and block them. As we will demonstrate here, the most effective defense against DGAs is a combination of traditional methods with modern machine intelligence.

With the recent influx of news reports regarding security incidents, more Chief Information Security Officers (CISOs), Chief Information Officers (CIOs), and IT professionals are reviewing current security infrastructures, policies, and practices to identify potential weaknesses in their security posture. This has long been best practice, but with the progressive use of various attack and threat vectors now employed by malicious actors against businesses, this practice must be constantly in play and the execution plan must be dynamic, adjusting to the ever-evolving security threat landscape.

Just like that, another Akamai Edge has come and gone. If you were able to join us this year, I hope you had a chance to stop by my presentation on Threat Intelligence Insights: An In-Depth Analysis of a Fast Flux Botnet.