Akamai Diversity

Recently in Web Security Category

It seems like holiday promotions have already started for many retailers and the promotion timetables are even earlier than last year. On a recent trip through my local big box retailer I noticed that Christmas decorations are already out, just one aisle down from the Halloween decorations. 

A pharmaceutical company decides to go global for a lot of reasons: Perhaps they want to expand into developing markets that are less saturated. Or they may need to conduct global clinical trials to get a broader and more diverse participant base.

Akamai and Quantum Dawn 3 - That's a Wrap!

On September 16, 2015 the Securities Industry and Financial Markets Association (SIFMA) conducted Quantum Dawn 3, the third in a series of cyber attack exercises against the capital markets industry. Over 650 people from more than 80 firms and government agencies participated in the exercise. And this year, for the first time, Akamai was invited to take part.

XOR DDoS Threat Advisory

By Bill Brenner, Akamai SIRT Senior Tech Writer


Akamai's Security Intelligence Response Team (SIRT) is tracking XOR DDoS, a Trojan malware attackers are using to hijack Linux machines to include within a botnet for distributed denial of service (DDoS) campaigns. To date, the bandwidth of DDoS attacks coming from the XOR DDoS botnet has ranged from a few gigabits per second (Gbps) to 150+ Gbps. The gaming sector is the primary target, followed by educational institutions. Akamai SIRT released a threat advisory this morning authored by Security Response Engineer Tsvetelin "Vincent" Choranov.

Akamai, iOS 9 and App Transport Security (ATS)

For app developers who use or are looking to use Akamai application acceleration services, we've provided the following information to help you understand how our services comply with Apple iOS 9 App Transport Security (ATS) requirements. 

Helpful Links:


Meet Akamai's Security Intelligence Response Team

Written by Bill Brenner, senior tech writer in the Akamai SIRT

Akamai has officially launched a new Security Intelligence Response Team that combines the resources of Akamai's CSIRT and Prolexic's PLXsert teams, further integrating Prolexic and Akamai security research.

Akamai SIRT is a dedicated group of cyber threat researchers, analysts and incident responders that monitors malicious cyber threats globally and analyzes these attacks using proprietary techniques and equipment. 

Through research, digital forensics, real-time and post-event analysis, Akamai SIRT is able to build a global view of security threats, vulnerabilities, tactics, techniques and procedures (TTPs) as well as trends which are shared with customers and the security community. This further enables Akamai to protect customers from a wide variety of attacks ranging from abuse to scrapers to data breaches to hijacking to distributed denial of service. By identifying the sources and associated attributes of individual attacks, along with expert analysis to identify and mitigate security threats and vulnerabilities, Akamai SIRT helps organizations make more informed, proactive decisions.

As part of that mission, Akamai SIRT maintains close contact with peer organizations around the world, trains Akamai's security teams to recognize and counter attacks from a wide range of adversaries, acts as subject matter experts for customers under attack, and keeps customers and the security community informed by conducting briefings, issuing advisories, publishing threat intelligence, and producing Akamai's State of the Internet Security Report.

The Akamai SIRT protects customers and the broader public by applying security research, intelligence analysis, and Akamai's unique visibility into Internet threats. 

Akamai SIRT publishes its research in the following places:

Edge 2015: Security Threat Landscape - A Year in review

A quick scheduling note ahead of Akamai Edge 2015: I'll be moderating a panel with fellow Akamai security researchers about the various trends we've been tracking in the last 12 months. If you're at Edge, please join us.

Security Threat Landscape - A Year in review
Description: The more you know about the security threat landscape and the mindset of malicious attackers, the stronger your cloud security strategy defense can be. In this session, members of Akamai's threat intelligence team will show how they use their expertise in security research and threat intelligence to stay one step ahead of cyber attackers. Learn about the threat landscape for 2015, emerging attack trends, techniques, toolkits and botnet activity.
Session Date/Time: Wednesday Oct 21, 2:40-3:20 p.m.

The talk is part of a robust security track scheduled for this year. 

Researching WordPress Plugin Flaws

Akamai Security Intelligence Response Team (SIRT) researchers Larry Cashdollar and Chad Seaman have spent months researching vulnerabilities in plug-ins often used with WordPress. The results of that research are outlined in the Q2 State of the Internet Report, and an excerpt on the section can be found in this Akamai Blog post. In the following post, Larry shares some tips for researching WordPress plug-ins.


***


By Larry Cashdollar, Senior Security Intelligence Response Engineer


I've been looking at WordPress plugin code and discovering new vulnerabilities. The vulnerabilities range from Cross Site Scripting, Remote File Inclusion to blind SQL Injection. I'll admit I've enjoyed this research more than my examination of Ruby Gems because with WordPress you can easily test a proof-of-concept exploit by setting up a WordPress installation and testing your code against it.

9-11 Anniversary: Danny Lewin's Life and Legacy

Today is the 14th anniversary of the Sept. 11, 2001 terrorist attacks. To mark the occasion, I'd like to share this post from 2013, in which Akamai CEO Tom Leighton and CSO Andy Ellis share memories of co-founder Danny Lewin -- including his tragic death aboard American Airlines Flight 11 that tragic day. They shed more light on Akamai's actions that day, which kept the Internet running in the face of crushing demand for information.

The interviews coincided with the release of a book about Danny called "No Better Time: The Brief, Remarkable Life of Danny Lewin, The Genius Who Transformed The Internet."

Akamai at Cloud Partners Conference

Scheduling note: I'll be moderating a keynote panel at the Cloud Partners Conference in Boston Wednesday, Sept. 16. The conference is Sept. 16-18 at the Hynes Convention Center.

Panel details:
  • Time: 12:30 - 1:30 p.m.
  • Topic: Cloud Risk: Hype Vs. Reality
  • Description: We'll discuss security best practices in the cloud and hear what is and isn't working for different companies. The ultimate lesson: Cloud security is attainable.
  • Moderator: Bill Brenner, Senior Tech Writer, Akamai Security Intelligence Response Team (SIRT)
  • Panelists: Andy Daudelin, Vice President, Cloud and Cloud Networking, AT&T; Mike Davis, CTO, CounterTack; and Bernie McGroder, Vice President, Sales Engineering, GTT Communications Inc.

I look forward to a great discussion!