Akamai Diversity

Recently in Web Security Category

BillGates Malware used in DDoS Attacks

By Bill Brenner, Akamai SIRT Senior Tech Writer

Akamai's Security Intelligence Research Team (SIRT) continues to see the BillGates trojan/bot family of malware being used to launch DDoS attacks. Attackers who control the malware -- first disclosed on a Russian IT website in February 2014 -- can gain full control of infected systems.

Akamai SIRT member Tsvetelin Choranov led the research effort outlined in this advisory.

On Trust and Video Games

I was about to hop on the Caltrain to San Francisco when I got the call. Over the metal-on-metal screech of the locomotive pulling into the station, I could only make out the last few words, "to verify a few recent transactions". After boarding the train, I stood in the vestibule whispering for 20 minutes. It was my bank. Someone had gotten access to my debit card information and was making purchases in a country I'd never visited.

In this article we'll review how to handle known bot traffic.

As discussed in the first part, you may not be comfortable serving content to all legitimate bots for various reasons. But even when you're willing to serve content to known bots, several options are available. Just like for unknown bots, you'll have to decide on the response strategy that works best for you.

In part 1 of this series we discussed the difficult problem of differentiating the good from the bad. In this article we'll review how to go about defining a response strategy to manage bots that you think are bad for your business. The first thing you'll have to decide is whether you want to serve any content at all to these bots. We recommend that you do, to keep the bot at bay, but of course it depends on your context and what infrastructure you have available.

As you may have heard, Akamai recently introduced a new product, Bot Manager. I've been working at Akamai for close to 10 years and, in my past roles here (Technical Support Engineer, Enterprise Architect), I've had the opportunity to work closely with many customers who had issues with bots. Generally, this was about protecting the site against "bad bots" but also making sure that "good bots" were not impacted by any of the mitigation techniques. 

Hackers vs. Media

We're used to hearing about cyber attacks against financial institutions and retailers. But another industry faces a growing threat: Media.

Digital media publishers strive to provide meaningful content and a user experience that will grow a dedicated base of content consumers. This allows the publisher to partner with and provide services to marketing and advertising concerns to build cash flow that can be used to further enhance the experience for content consumers.

Scraper and Bot Series - When Good Bots Go Bad

By Bill Brenner, Akamai SIRT Senior Tech Writer

Akamai this week launches the first in a series about bots and scrapers, based on continued research by Akamai's Security Intelligence Research Team (SIRT). In the first installment, we discuss the various types of bots and scrapers that we have encountered, and how you may want to react to each. This paper will mainly focus on the known "good bots" -- traffic that is encouraged because it can be helpful to a business.

3/8/16 UPDATE: Akamai continues to harden systems against the DROWN vulnerability (CVE-2016-0800), which exploits legacy encryption protocols in order to compromise keys that secure modern protocols, like TLSv1.2. (It does not leak the SSL/TLS keys themselves.)

We have taken the necessary steps to protect both our customer-facing and critical internal systems from this vulnerability as of March 1, 2016. We will continue to identify and patch non-critical systems on an as-needed basis.

The Decrypting RSA with Obsolete and Weakened eNcryption attack, described here, allows an adversary to compromise secrets from modern-TLS connections if any machine will accept SSLv2 connections using the same key & certificate.

Our secure delivery services are not vulnerable to DROWN. Individual customers have the option to enable SSLv2 for their own sites. Doing so would expose that customer's connections to DROWN.

While Akamai secure delivery provides protection, customers are still advised to verify that the origin servers they operate themselves do not use SSLv2. If they do have to use SSLv2, they should not do so using the same key & certificate as would be used for more secure connections.

The vulnerability is getting attention from such media outlets as The Register and Ars Technica.

The official DROWN web page calls this "a serious vulnerability that affects HTTPS and other services that rely on SSL and TLS, some of the essential cryptographic protocols for Internet security." Attackers can exploit it to break the encryption and read or steal sensitive communications such as passwords, credit card numbers, trade secrets, or financial data. The researchers estimate that 33% of all HTTPS servers are vulnerable to the attack.

If you have any questions or concerns regarding this vulnerability and your Akamai services, please use our Community post dedicated to the subject, or contact your Akamai Representative or Customer Care.

If our investigation uncovers additional risks, we will provide follow-up blog posts, Akamai Community posts, and Luna Portal advisories to update customers on how we are affected and what we're doing about it.

Join me over the next few posts as I talk about how to provide fast, reliable, and secure applications in the branch while protecting end-users and promoting a transparent and open Internet. In Enterprise Security - SSL/TLS Primer Part 1 - Data Encryption I covered the fundamentals of data encryption. For part two we will cover certificates. Let's start with the basics.

CDN-based WAF + Big Data Intelligence is a Gold Mine for This Security Researcher

I am frequently asked by friends and colleagues why I joined Akamai's Threat Research Team. I can boil it down to three main reasons: People, Technology and Data.