The Akamai Blog

Lorenz Jakober

June 1, 2017 8:19 AM

20 Years of DNS Data Exfiltration: Why, How, and Wh ...

In the last few posts, I talked about why recursive DNS (rDNS) combined with threat intelligence makes for such a simple-to-deploy security solution that effectively mitigates and prevents advanced, targeted threats. Not to belabor the point, but the recent punycode phishing news makes the effectiveness of rDNS plus threat intel even more evident. Identifying punycode domains lexically through a combination of rDNS and threat intel is quite straightforward, either by

Avi Aminov

May 24, 2017 9:19 AM

Spotlight on Malware DGA Communication Technique

Written by Avi Aminov and Or Katz. Overview: Imagine you are standing in the middle of a crowded train station and want to have a private conversation with an old friend. You've been waiting for the perfect time to contact him and get some advice on how to move forward with some important life choices. But you couldn't wait any longer, and now you're on a train platform. There are

Lorenz Jakober

May 17, 2017 10:11 AM

What Are Domain Generation Algorithms (DGAs) And Why ...

Last time I talked about how a proactive approach to defending against targeted threats using cloud-based recursive DNS and threat intelligence just makes sense. Taking this proactive approach early in the kill chain can help mitigate known and unknown threats before any IP connection, file download, or execution even happens. So, what are some of the common targeted threats and DNS-based techniques that we run across? We generally see malware, ransomware,

Lorenz Jakober

April 26, 2017 12:40 PM

Recursive DNS - The Achilles Heel Of Advanced Threat ...

We all know what happens whenever anyone or anything tries to access a resource on the Internet. It all starts with a DNS request that translates a URL (www.akamai.com) into an IP address (104.97.77.24). Now, if we dive a little deeper into the DNS request flow, we can see the requester make a request to the recursive DNS infrastructure of either their ISP or their enterprise. In other words recursive