The Akamai Blog: Cloud Security Archives

Meg Grady-Troia

May 11, 2017 3:12 PM

DDoS Attacks against DNS Infrastructure in the News

DNS-based DDoS attacks have gained mindshare among Akamai customers lately, most recently with last year's Dyn attacks (written about on the Akamai Blog here and here) and this week's attack against Cedexis. DNS infrastructure is a ripe target for malicious actors hoping to disrupt a digital property's availability because it provides the initial resolution for an end user's browser client from hostname to IP address. At best, an attack against

Meg Grady-Troia

April 28, 2017 12:17 PM

Low Risk Threat: DDoS Extortion Letters

Summary Adversaries calling themselves the Lizard Squad have been sending businesses extortion letters, demanding payment in bitcoin to prevent a Distributed Denial of Service (DDoS) or other attack against their applications. These letters have been sent to businesses across the globe and across industries for several years, with little follow-through. These letters appear to come from multiple groups including Lizard Squad, the Armada Collective, and DD4BC, though in many case

Lorenz Jakober

April 3, 2017 8:44 AM

Why moats and castles belong in the past

We are all familiar with the enterprise security approach of treating an organization like a castle, and protecting it with a moat. Moats have been used for perimeter defense since ancient Egypt. While the moat and castle enterprise security approach has worked well in the past it is starting to show its age.

Akamai SIRT Alerts

March 29, 2017 4:15 AM

Update: Vulnerability found in Apache Struts

Akamai has created two new WAF rules in response to new information about the Apache Struts2 vulnerability. The first rule, the most recent version of KRS Rule 3000014, is a standard part of the Kona Ruleset and protects against the many common attacks leveraging this vulnerability. This rule is designed to allow organizations that have complex environments to continue operating without risk of the WAF rule interfering with their environments.

Meg Grady-Troia

March 27, 2017 9:21 AM

Supply Chain Security: Akamai from a Customer's Risk ...

Managing risk is a key aspect of any business. This becomes more complicated when additional parties, such as vendors are brought into the mix. One of the strongest pieces of guidance on managing vendors that customers have brought to Akamai comes from the US Office of the Comptroller of the Currency (OCC) Bulletin 2013-29, wherein the OCC recommended that financial institutions strengthen their preparedness around third-party risk management, particularly in

Akamai

March 24, 2017 8:30 AM

DDoS of Past, Present and Future

The pervasiveness of technology has meant automation of tasks, allowing better productivity, with more time to do more. However, the dark side of technology would be that enterprises and individuals alike are vulnerable to cybercrimes, compromise of identities, loss of data and subject to malicious attacks. In our recent 'State of the Internet / Security Q4 2016 report', we reported that Akamai mitigated 3,826 distributed denial of service (DDoS) attack

Akamai

March 13, 2017 6:47 AM

The Akamai WAF - Now Protecting APIs

Kona Site Defender is our flagship Web Application Firewall and DDoS Mitigation solution at Akamai. Back in the days of the Al-Qassam Cyber Fighters, Brobot ("It's not OK, bro"), and the "holy 100 Gbps attack!", we had a saying around Akamai: "Kona Site Defender customers come for the DDoS, but they stay for the WAF". The general idea was that it took a headline-grabbing DDoS attack to make customers and

Akamai SIRT Alerts

March 9, 2017 3:35 PM

Vulnerability found in Apache Struts

On Monday, March 6th, the Apache team patched a vulnerability in Apache Struts2 framework. Apache Struts is an open-source web application framework for developing Java web applications. The vulnerability exists in the Jakarta Multipart parser, which can be tricked into executing attacker-provided OGNL code. The impacted versions are 2.3.5 through 2.3.31, and 2.5 through 2.5.10 of the Apache Struts framework. If you are currently running an affected version of the

Benjamin Brown

March 2, 2017 1:17 PM

On Web Cache Deception Attacks

Summary On Monday, February 27, 2017, security researcher Omer Gil published a blog post laying out a data exfiltration method called a "Web Cache Deception Attack." The attack leverages web caching functionality to potentially expose sensitive information or allow for account takeover (ATO) attacks. Caching is often used to reduce load and time-to-delivery for a web server receiving requests for content, but this attack shows ways in which, given certain

OVERVIEW

What We Do

INTELLIGENT EDGE PLATFORM

The Competitive Edge

THREAT RESEARCH

Cybersecurity Insights from the Experts

FREE TRIALS

Try Us Free

FEATURED

What's new with the Akamai Intelligent Edge Platform™

SECURITY

Security Solutions

WEB PERFORMANCE

Web Performance Solutions

MEDIA DELIVERY

Media Delivery Solutions

NETWORK OPERATOR

Network Operator Solutions

SERVICES

Services

DEVELOPERS

Akamai for DevOps

FEATURED

Security Solutions

CASE STUDIES

Customer Case Studies

INSIGHTS

Internet Observatory

REPORT

State of the Internet Report

DOCUMENT LIBRARY

Our Library

CDN LEARNING CENTER

About Content Delivery Networks (CDNs)

GLOSSARY

Cloud Computing Glossary

DOCUMENTATION

Technical Documentation

FOR DEVELOPERS

For Developers

COMMUNITY

Community

FEATURED

Our Library

GET IN TOUCH

Global Support Phone Numbers

SUPPORT

Support Resources

UNDER ATTACK

Are You Under Attack?

UNDER ATTACK

Are You Under Attack?

LOCATIONS

Our Offices

CONTACT

Get in touch