Akamai Diversity

The Akamai Blog

How to Better Understand the Bot Ecosystem

Jason Miller, our chief strategist of Commerce, was recently published in Retail TouchPoints magazine.  In his article, How to Better Understand the Bot Ecosystem, Jason talks about the different ways to distinguish between good bots and bad bots and how the distinctions change across applications and environments.

It has now been five years since World IPv6 Day and four years since World IPv6 Launch. The long-term global Internet transition to IPv6 is well underway and increasingly entering the mainstream. The American Registry for Internet Numbers (ARIN) exhausted its free pool of IPv4 addresses in September 2015, following all of the other registries except for Africa's AFRINIC (which is on track to exhaust its IPv4 free pool in 2018). The result is that businesses and service providers needing Internet addresses for their mobile users, broadband users, business offices, servers, or cloud infrastructure now need to purchase IPv4 addresses on a transfer market, use IPv4 NAT (network address translation) with corresponding costs and complexity, or make a strategic decision to leverage IPv6.

Why the In-Store Experience Still Matters

While the tactile nature of in-store shopping is nice, what is often missing from the in-store experience is the personalization available online.  Jason Miller, our chief strategist of Commerce, has recently published an article - Why the In-Store Experience Still Matters - on Apparel Magazine to discuss how retailers are finding new ways to personalize the in-store shopping experience.

In my last blog when I kicked off our MobilePerf Blog Series, I talked about mobile Search Engine Optimization (SEO) and Google's guidance on how to make your sites mobile friendly. 

Google just announced that they will also factor in your mobile site's page speed when ranking your organization in the mobile friendly search results. 

Unlocking Locky

Locky is a new cyberthreat that has received a lot of attention in security circles over the last few months because it has been unusually successful. Locky is advanced ransomware that encrypts a person's files and holds them for ransom. It uses a number of different technologies to avoid being detected or blocked and takes great care to hide its path back to the attackers. The code is obfuscated to avoid detection by antivirus and malware software. The blackmailers communicate through TOR and only accept Bitcoin as payment, making it nearly impossible to discover who they are.

Game developers care about friction

Last week, I was standing in Singapore freezing. If you've ever been there, you'll know this sounds crazy, as the typical weather all year long is 88 degrees with 85% humidity. At this moment, I was standing at a small staircase ready to step on stage at Casual Connect Asia in the Hard Rock Hotel. Maybe in response to the weather, this room's air con was cranked up.

By Akamai SIRT

Two quarters ago, we introduced Sankey diagrams to the State of the Internet: Security Report. Sankey graphs help visualize energy, material, or cost transfers between processes.

The Sankey graph below shows how DDoS reflection attacks have trended during the past five quarters. We tracked ten infrastructure-layer DDoS-reflection vectors. The most used vectors seem to correlate with the number of Internet devices that use these specific service protocols for legitimate purposes.


Apple's upcoming App Store submission requirement around supporting IPv6-only environments (announced last year at WWDC and being enforced starting June 1) has been getting plenty of recent coverage. iOS application developers already need to make sure their applications work in IPv6-only environments with NAT64+DNS64; however, this by itself does not mean that those applications (or web-based applications) obtain content over native IPv6.

New DDoS Reflection/Amplification Method Exploits TFTP


Akamai SIRT is investigating a new DDoS reflection and amplification method that abuses TFTP. This is yet another UDP-based protocol that has been added to the list of DDoS amplification scripts available for malicious use.  

A new advisory authored by Jose Arteaga outlining the threat and suggested defenses can be downloaded here.

The financial services sector is arguably the most advanced private sector for intelligence gathering, security information sharing, and investment in cyber security controls.  For those of us who have been involved in cyber security for the last few years, we have the experienced periods of high threat activity, such as the al-Qassam Cyber Fighters and Operation Ababil, as well as periods of relative calm.