Akamai Diversity

Recently in Web Security Category

Akamai's Fast DNS Infrastructure battles Xor Botnet

By Bill Brenner, Akamai SIRT Senior Tech Writer

Xor, Trojan malware that attackers use to hijack Linux machines and enlist them in a botnet for distributed denial of service (DDoS) campaigns, appears to be behind an Oct. 13 attack against a customer using Akamai's FastDNS infrastructure.

It has been a busy week for Akamai and the Cloud Networking team. In addition to launching our Cloud Networking solution category, we completed Edge, our annual customer conference, acquired Bloxx, a Secure Web Gateway company, and Orange Business Services and Deutsche Telekom announced that they selected Akamai Cloud Networking to power their business grade Internet solutions. So what does this mean for our customers?

We are happy to announce that Deutsche Telekom has selected Akamai Cloud Networking to enhance its IP-VPN portfolio. The new IP-VPN offering from Deutsche Telekom will utilize Akamai Cloud Networking Internet Transport Optimization capabilities to bolster the reliability and performance of enterprises' Internet IP-VPN traffic.

FinTech Landscape Comparison: U.K. vs. the U.S.

If you are a FinTech junkie like myself, you review dozens of articles each week from around the world to try to keep up with the latest hot news and hot companies in this space. Many of the articles highlight recent startups, or report on the investments banks are making in specific companies or their own innovation centers to keep pace with this hot sector. It's all very exciting, but it's hard to formulate a deeper understanding of the industry as a whole.

Operation Profile: Armada Collective

By Bill Brenner, Akamai SIRT Senior Tech Writer

In recent weeks, Akamai's Security Intelligence Research Team (SIRT) has investigated several DDoS attack campaigns targeting Akamai customers. The group responsible for these attacks calls itself "Armada Collective." Its tactics are similar to those used by the group DD4BC: victims receive emails threatening an impending DDoS against their website unless a ransom is paid in Bitcoins.

The Holiday Readiness Countdown

It's never too early to prepare when you're a retailer gearing up for the holiday rush, especially with the continued growth in online commerce. Now is usually the time that shoppers begin making their shopping plans, and even start to make purchases. To help prepare, we've pulled together three essential elements for providing an exceptional customer experience during the holidays, and ultimately converting shoppers into buyers! 

The Torte Botnet: A SpamBot Investigation

By Bill Brenner, Akamai SIRT Senior Tech Writer   

Akamai released a new whitepaper today about a spambot investigation conducted by Chad Seaman, a Senior Security Response Engineer from Akamai's Security Intelligence Research Team (SIRT).

Attackers are using a multi-layered, decentralized and widely distributed botnet to launch coordinated brute-force spamming campaigns. Chad named it the "Torte" botnet because its structure resembles a multi-layered cake.

The botnet is fairly large and uses both ELF binary and PHP-based infections. The portions that could be mapped account for over 83,000 unique infections across 2 of the 4 infection layers. While binary infections only target Linux, PHP-based infections were found running on all major server operating systems: Windows, Linux, OS X, Unix, SunOS, and variants of BSD.

The paper examines Akamai's SIRT investigation, findings and recommended defensive measures.

With the holiday season quickly approaching, retailers are thinking through every element of their company's eCommerce plans to significantly boost sales during the busiest shopping time of the year. One of the biggest drivers of online retail sales is user experience, so retailers should place increased emphasis on bolstering the following customer touchpoints during the holiday rush to ensure positive brand interactions that convert browsing into sales:

NetBIOS, RPC Portmap and Sentinel Reflection DDoS Attacks

By Bill Brenner, Akamai SIRT Senior Tech Writer

Akamai's Security Intelligence Response Team (SIRT) released a new advisory today about three new attack vectors digital miscreants have used to target Akamai customers. The main researchers for this advisory were Jose Arteaga and Wilber Mejia.

In the third quarter of 2015, Akamai mitigated and analyzed the following vectors:

  • NetBIOS name server reflection DDoS
  • RPC portmap reflection DDoS
  • Sentinel reflection DDoS, which reflects off of licensing servers.

Cloudpiercer Discovery Tool

Researchers have released details of a tool that allows users to discover origin servers. The tool, which the researchers call Cloudpiercer, uses a number of techniques to locate origin servers' IP addresses.

The Cloudpiercer tool bundles several previously known methods with some that are stated to be new, simplifying reconnaissance against targets. It's a reconnaissance tool, not an attack tool. A potential attacker may use similar methods to search for a customer's datacenter IP addresses or netblock(s) but will have to use other services or technologies to perform an actual DDoS or web application attack.


Akamai's Security Intelligence Research Team (SIRT) has analyzed the methods used by the tool and offers the following observations.