By Hongliang Liu and Yuriy Yuzifovich Originally posted on December 29, 2017 Today's post is all about DGAs (Domain Generation Algorithms): what they are, why they came into existence, some of the use cases in which they are used, and, most importantly - how to detect and block them. As we will demonstrate here, the most effective defense against DGAs is a combination of traditional methods with modern machine intelligence.
With the recent influx of news reports regarding security incidents, more Chief Information Security Officers (CISOs), Chief Information Officers (CIOs), and IT professionals are reviewing current security infrastructures, policies, and practices to identify potential weaknesses in their security posture. This has long been best practice, but with the progressive use of various attack and threat vectors now employed by malicious actors against businesses, this practice must be constantly in play
Just like that, another Akamai Edge has come and gone. If you were able to join us this year, I hope you had a chance to stop by my presentation on Threat Intelligence Insights: An In-Depth Analysis of a Fast Flux Botnet.
Service providers looking to enhance and secure the online experience for their residential and business subscribers often struggle to find solutions that are easy for their customers to configure and use - particularly when it comes to setting policies that carry across fixed, mobile and converged networks. This type of simple, seamless management is actually a key distinguishing feature of Nominum, now part of Akamai, solutions. And not just from
In case you haven't been paying attention, an unlikely technology, the Internet's Domain Name System, or DNS, is experiencing a renaissance. For much of its existence, DNS has maintained a simple and singular function - to resolve Internet names to IP addresses. Over the past several years, however, DNS, or more specifically, the recursive DNS (rDNS) resolver, has assumed a number of new roles, made possible by the fact that
We suggest reading Parts One, Two, and Three before continuing with this blog post. Fast Flux Network Malicious Activity Fast Flux Network as a Platform for Malware Activity In order to make sure, beyond any reasonable doubt, that the Fast Flux network is being used for malicious activities, we collected evidence from a variety of public sources that shows a clear relationship between the analyzed malware samples and domains being
We suggest reading Parts One and Two before continuing with this blog post. Fast Flux Network - C&C Network vs. Hosting Network In order to further investigate the initial assumption of having two different sub-networks as observed in Fast Flux Network - Overview, we created a network graph, but this time without showing the relation to the nameserver. Doing that showed us that we can see two distinct sub-networks segregated
Read Part One, an Introduction to Fast Flux Networks, here. Fluxing - Deep Dive The primary characteristic of the Fast Flux network is that the network constantly changes its IP addresses, domains, and nameservers. These changes obfuscate the true nature of the network and make it more difficult for researchers to understand and defend against.
Authors: Or Katz, Principal Lead Security Researcher, Akamai; Raviv Perets, Senior Security Researcher, Akamai; Guy Matzliach, Security Researcher, Akamai Introduction Recently, we have seen large-scale botnets used to execute attacks rarely seen in the past. These botnets incorporate new features and have bigger capabilities. How do these botnets remain resilient to detection?