Akamai Diversity

The Akamai Blog

Hongliang Liu

Hongliang Liu

September 30, 2015 1:58 PM

Ghosts Haunt Internet II: Android Malware

<p>Android fans were probably chuckling over the XcodeGhost malware news - hackers don't often penetrate Apple's defenses. This provoked the Nominum, now part of Akamai, Data Science team to take a look at what's happening with malware targeting Android. Common wisdom is Android is exposed because there's less rigor in the development and supply chain, and third-party app stores with no protections are popular. Determined hackers can allegedly subvert defenses

Hongliang Liu

Hongliang Liu

September 23, 2015 1:27 PM

XCodeGhost Haunts the 'Net

The DNS offers visibility into many kinds of Internet trends including various security threats. We've reported extensively on DNS DDoS and Nominum, now part of Akamai, Data Science also tracks botnet activity. In this case queries for Command and Control (C&C) domains for the recently disclosed XcodeGhost malware were observed in September. Infected development tools were reported to have been used for the popular iOS app WeChat.

Jonathan Zarkower

Jonathan Zarkower

August 27, 2015 11:37 AM

Akamai Assists ISPs in Providing a Family-Friendly I ...

Family and Internet safety advocates have lobbied long and hard to government regulators and Internet service and content providers for stronger measures and controls over the types of content viewable by children when online. And based on recent reports, some ISPs have responded in a favorable way, by implementing services that place automatic blocks on "high risk" websites including those that feature nudity or sexual content or are related

Jonathan Zarkower

Jonathan Zarkower

August 20, 2015 10:35 AM

End-User Mapping Brings Users Closer to Internet Nir ...

It goes without saying that people enjoy using the Internet more when response times are fastest. But most of us are not as concerned about why websites respond more quickly, as long as they do. There are many factors that contribute to faster (and more satisfying) web experiences. Certainly, faster broadband connectivity and well-designed web sites play a role. And websites that leverage content delivery networks (CDNs), which distribute

Bruce Van Nice

Bruce Van Nice

June 15, 2015 12:35 PM

New Best Practice: Ingress Filtering to Deter DNS DD ...

DNS DDoS continues on the trend line established in 2014 - with tens of billions of malicious queries Internet-wide every day. Many of the domains attacked are lightly trafficked, but popular (Alexa 5000) domains are commonly targeted. For example, alternative news sites, a university, and e-commerce sites have been attacked in the past couple of months. Attacks on popular domains require extra care when mitigating to avoid blocking legitimate queries.

Akamai

Akamai

June 12, 2015 4:48 PM

DNS Amplification Attacks and Truncated Responses

Nominum, now part of Akamai, Research shows about 15% of DNS DDoS traffic is amplification yet it still has an impact (the rest are random subdomains). Data also shows bad guys continue to leverage open DNS resolvers which after more than 2 years might be considered an "old-days" technique, yet there are still around 17 million of them on the Internet. More recently our research teams have seen bots sending

Thomas Orthbandt

Thomas Orthbandt

October 2, 2014 12:16 PM

DNS DDoS Takes Down Hong Kong Paper

The ongoing protests in Hong Kong are attracting worldwide attention. Less visible is a connection to the ongoing DNS-based DDoS attacks that started early this year. On Sunday, Sept 28 attackers used DNS based DDoS to target Passion Times, a local Hong Kong newspaper (http://www.passiontimes.hk/). The site was brought down for most of the day and had to resort to Facebook (https://www.facebook.com/passiontimes) in order to get the news out.

Akamai

Akamai

September 24, 2014 1:17 PM

Response Rate Limiting Bites Back?

A new kind of DDoS attack is currently stressing DNS infrastructure everywhere. Attackers gain access to DNS resolvers through home gateways with open DNS proxies. Proxies forward large bursts of queries with spoofed IP addresses to whatever resolver they are configured to use, usually an ISP resolver. With these attacks, the overwhelming majority of queries require recursion so resolvers in turn query authoritative servers to get answers.

Akamai

Akamai

April 19, 2014 11:34 AM

Deterring DNS Amplification: Considerations for Filt ...

A new variant of DNS amplification attack relies on home gateways with open DNS proxies to forward DNS queries to ISP resolvers. To launch this exploit attacker can deploy their exploit code anywhere on the Internet that allows address spoofing, a compromised server in a hosting facility for example. From there DNS queries can be targeted at any network with open home gateways. These queries enter ISP networks at border