Akamai Diversity
Home > Web Security

Recently in Web Security Category

Memcached-fueled 1.3 Tbps attacks

At 17:28 GMT, February 28th, Akamai experienced a 1.3 Tbps DDoS attack against one of our customers, a software development company, driven by memcached reflection. This attack was the largest attack seen to date by Akamai, more than twice the size of the September, 2016 attacks that announced the Mirai botnet and possibly the largest DDoS attack publicly disclosed. Because of memcached reflection capabilities, it is highly likely that this record attack will not be the biggest for long.

 

Memcached UDP Reflection Attacks

Akamai is aware of a new DDoS reflection attack vector: UDP-based memcached traffic.  Memcached is a tool meant to cache data and reduce strain on heavier data stores, like disk or databases. The protocol allows the server to be queried for information about key value stores and is only intended to be used on systems that are not exposed to the Internet. There is no authentication required with memcached.  When this is added to the ability to spoof IP addresses of UDP traffic, the protocol can be easily abused as a reflector when it is exposed to the Internet. Akamai has seen multiple attacks, some  in excess of 190 Gbps,  with the potential for much larger attacks.

Wordpress DoS Attack: CVE-2018-6389

Overview

On February 5, an Israeli security researcher, Barak Tawily, discovered a Denial of Service (DoS) attack impacting all 3.x-4.x versions of the Wordpress content management platform.  The vulnerability is currently unpatched and relies on a performance boosting feature in Wordpress allowing Javascript and style sheets to be loaded in bulk via a single request. The attack does not affect the Akamai platform, but it does affect any customers using Wordpress unless proper protections are enabled.

 

Humans, Machines and Data: Fighting Mirai, Together

By Yohai Einav, Hongliang Liu

Background

It's been 18 months since Mirai entered our lives, and, unfortunately, we expect it to have a perennial presence in our cyber-world for years to come. If we look at the big picture, all indicators suggest that the Mirai problem (and its descendants) is just going to increase, with the growing number of IoT devices in the world and the improvement in IoT hardware (which makes them a more enticing opportunity for attackers - better computing power means a potential for more advanced attacks) being two primary reasons.

This makes Mirai research more urgent, and subsequently, makes DNS-based security more important. There are very few points in time when you can stop Mirai, and blocking its C&C communications in the DNS layer is one of the most effective ways (blocking C&C communications disrupts the bots' ability to receive commands and turn them into less-harmful zombies).

 

The days of VPNs are numbered

We have been talking about how it's time to re-evaluate giving full access to the corporate network for some time. In fact, Akamai's Sr. Director of Enterprise Security & Infrastructure Engineering talks about one of his core goals--No VPN--here.

Over the last few days, I am sure many teams who are taking the No VPN route are even more thankful. The recent news about yet another patching fire drill--this time due to a vulnerability in SSL VPN functionality of a popular security appliance--has left many security and IT teams dismayed.

There has to be an easier way, right?

Great news: If you're a security professional, your skills have never been more in demand. On the flip side, if you're looking for security talent, the search will likely be lengthy and difficult.

ISACA predicts that by 2019 there will be a shortage of two million cyber security professionals globally. And in a survey released by ESG and ISSA in November 2017, 70% of respondents stated that security skills shortages were impacting their organization. The survey also highlighted that highly- experienced staff were overloaded dealing with urgent security events that left them little time to focus on security strategy or training.

Algorithms, Alerts, and Akamai Threat Intelligence

Let me start by posing a question: If in one week security solution A produces 120 alerts and security solution B produces 45 alerts, which solution is providing you with more effective protection? The answer is: It depends.

On the face of it, solution A appears to be more effective because it's delivering more alerts than solution B. But what if solution A is actually delivering a considerable number of alerts that don't represent a real security risk to the organization, or in other words, are false positive alerts?

Gone Phishing For The Holidays

Written by Or Katz and Amiram Cohen

Overview:

While our team, Akamai's Enterprise Threat Protector Security Research Team, monitored internet traffic throughout the 2017 holiday season, we spotted a wide-spread phishing campaign targeting users through an advertising tactic. During the six week timeframe, we tracked thirty different domains with the same prefix: "holidaybonus{.}com". Each one advertised the opportunity to win an expensive technology prize - a free iPhone 8, PlayStation 4, or Samsung Galaxy S8.

The websites associated with this phishing campaign used a combination of social engineering techniques such as creating trust (by using the reputation of well-known companies) and dismantling suspicion (through IP verification and social sharing). They lead users to willingly give away sensitive information by asking them to answer three trivia questions and submit their email address in order to win one of the offered prizes.

 

The Botconf Experience

By Yohai Einav, Amir Asiaee, Ali Fakiri-Tabrizi and Alexey Sarychev

Originally Posted on January 4, 2018

Earlier this month we took our show on the road, presenting some of our team's work at the Botconf conference in beautiful Montpellier, France. We could talk here for hours about the food, wine, culture, etc., but it would probably be more plausible for our readers to learn about the current developments in the war against bots first. So we'll start with that and perhaps get to the food discussion in the appendix.

 

A Death Match of Domain Generation Algorithms

By Hongliang Liu and Yuriy Yuzifovich

Originally posted on December 29, 2017 

Today's post is all about DGA's (Domain Generation Algorithms): what they are, why they came into existence, what are some use cases where they are used, and, most importantly - how to detect and block them. As we will demonstrate here, the most effective defense against DGAs is a combination of traditional methods with modern machine intelligence.