Akamai Diversity

The Akamai Blog

Akamai, Mirai, & The FBI

Through the end of 2016, and throughout 2017, multiple Mirai-based botnets targeted multiple Akamai customers. The very first Mirai attack against Akamai was a multi-day barrage, weighing in at a peak of 620/Gbps that sent shockwaves across the Internet. The same botnet would go on to conduct several hard hitting attacks across the Internet and cause widespread outages. 

On December 13, 2017, the Department of Justice (DOJ) announced that multiple actors pled guilty to attacks linked to the original Mirai botnet. In this announcement they also listed Akamai and other organizations as a source of "additional assistance".

"Additional assistance was provided by the FBI's New Orleans and Pittsburgh Field Offices, the U.S. Attorney's Office for the Eastern District of Louisiana, the United Kingdom's National Crime Agency, the French General Directorate for Internal Security, the National Cyber-Forensics & Training Alliance, Palo Alto Networks Unit 42, Google, Cloudflare, Coinbase, Flashpoint, Yahoo and Akamai."

Researchers at Akamai have been involved in the dissection and tracking of the Mirai botnet from the very beginning and have been actively working to keep up with the evolution of Mirai and its many variants since. We want to use this opportunity to explain the role Akamai played in the research leading up to FBI's investigations.

In the hours following the initial attacks, researchers from Akamai SIRT, Flashpoint, CloudFlare, Google, Yahoo, Palo Alto Networks, and more, began to take notice and work toward understanding the who, what, why, and how that made attacks of this magnitude possible.  Individuals at these organizations formed an informal working group in order to share the knowledge they were gleaning on the nature of the new threat. 

Malware samples believed to be associated with a new, and mostly unknown, botnet were seen across several honeypots in the wild. This quickly-growing botnet was not only observed infecting honeypots, but was also identified based on its continually growing footprint of scanning and brute-forcing activities.

Researchers at Akamai began analyzing the malware to reverse engineer its network protocols and capabilities. The discoveries we made related to communication strategies, command and control protocol structures, attack capabilities, attack traffic signatures, as well as other valuable data was collected, documented, and ultimately shared to aid in collaboration across the working group of researchers and their respective organizations.

These findings and information proved valuable in helping other organizations defend against the Mirai botnet as well as assisting the FBI to understand, correlate, and attribute attacks back to specific botnets and suspected DDoS-for-hire operations.

We at Akamai appreciate the FBI and DOJ for acknowledging our hard work on the Mirai botnet research and their continued efforts to help victims and organizations to combat cybercrime.

Together we can all do our part to help make and keep the Internet "Fast, Reliable, and Secure".

High fives to everyone involved!

 

Akamaizing Your Dev & QA Environments

Over the last few months, I've been talking to many development and test teams who deliver their sites and applications through the Akamai Intelligent Platform. One common challenge they face is how to test their Akamai delivery configurations on the Internet against their private development and QA environments behind the firewall. Most operate on a DevOps model with the goal of performing end-to-end testing throughout the software development lifecycle in order to find bugs and interoperability issues (e.g. misconfigured headers) earlier in the development process. As noted by Ron Patton in "Testing Software", the cost of finding a bug increases logarithmically as the development process progresses, so finding these issues early on in the process saves a lot of time and money. The historical challenge these teams have faced has been how to allow the Akamai delivery configuration access to these development and QA environments. Typically private and not exposed to the internet, the common approach has required a move into the DMZ.

Good News from Singapore

The IETF had its 100th meeting the week of November 13. It was held in Singapore. I want to report on two pieces of good news.

The results are in, Black Friday and Cyber Monday broke all records in 2017 as the total revenue for these days exceeded $11.5 billion. Anticipating that more consumers would shop online, retailers invested in digital experiences and geared up for the holidays by (i) stocking fewer items in stores to reduce inventory costs and (ii) hiring few seasonal workers. Retailers' predictions were accurate, and their investment in digital experiences paid off, as close to 40% of the Black Friday revenue was generated via mobile devices.

We, at Akamai, typically see a huge surge in traffic on our platform on Black Friday and Cyber Monday, and this year was no exception. Using our mPulse technology to capture real user data and correlate web and mobile performance to user behavior, we observed an overall global increase in mobile device conversion rates in 2017. Our data highlights that retailers have understood and implemented strategies to improve the digital experience for their users, and that those investments are paying off, especially on mobile devices. Here are the key trends that we observed on our platform and which resulted in a successful holiday season:

In the first and second  part of this blog series, we discussed the challenges associated with cloud adoption and how you can leverage Akamai Cloud Delivery Platform, the world's largest and most trusted cloud delivery platform, to achieve the scalability, availability, reliability, security and performance needed to deliver superior digital experiences and maximize customer engagement and revenue.

There is another trend in the market that promises similar benefits as cloud adoption and that is DevOps. In the past few years, there has been a tremendous increase in the adoption of DevOps processes in software development.  Businesses are adopting DevOps practices for reduced time to market, agility and better collaboration between teams (business, operations, development). Continuous integration and delivery (CI/CD) of application code and configurations is at the heart of DevOps, providing the nimbleness needed to rapidly deploy new code and faster resolution of bugs and defects.

What to expect for this year's Black Friday and Cyber Monday

Last year during holidays, US online sales surpassed $122 billion. This represented a 12 percent increase over the previous year. But beyond the overall growth, what's more interesting is that sales at physical stores dropped by 10 percent, the result of ongoing consumer comfort with and adoption of e-commerce buying behavior. Given the performance of holidays so far this year, it seems clear that this trend will continue in 2017. As a result, retailers are stocking fewer items in stores to reduce inventory costs and are hiring fewer seasonal workers as they anticipate lower foot traffic to stores.

 

Are you ready for the holidays?

It's November, which means the holiday season is upon us and retailers are working tirelessly to get their websites, apps and infrastructures ready to deliver a secure and exceptional customer experience during the peak holiday season. If past data is any indication of things to come, 2017 promises to be yet another record-breaking holiday season.

Do you believe in Serendipity?

In December 2016, after a month of mountain bike racing and touring in Nepal, I commenced the Executive Program in General Management at MIT. The first term was at Sloan School of Management in Cambridge and for the first time in my life, I finally could relate to studying. In fact, I was even enjoying it! One of the many practical subjects was "How Companies Become Platform Leaders" by Professor Pierre Azoulay with references to MIT alum companies like Dropbox; and a fascinating case study on Akamai, the brainchild of Dr. Tom Leighton and Danny Lewin which grew to become the world's largest cloud delivery platform today.

In the first part of this blog series, we discussed how you can leverage Akamai Cloud Delivery Platform, the world's largest and most trusted cloud delivery platform, to achieve the scalability, availability, reliability  and performance needed to deliver superior digital experiences and maximize customer engagement and revenue.

 

Layered Security Without the Layered Complexity

With the recent influx of news reports regarding security incidents, more Chief Information Security Officers (CISOs), Chief Information Officers (CIOs), and IT professionals are reviewing current security infrastructures, policies, and practices to identify potential weaknesses in their security posture. This has long been best practice, but with the progressive use of various attack and threat vectors now employed by malicious actors against businesses, this practice must be constantly in play and the execution plan must be dynamic, adjusting to the ever-evolving security threat landscape.