Akamai Diversity

Recently in Web Security Category


Akamai's 8th Annual Customer Conference is approaching quickly and we have some great industry speakers joining us to share how they are overcoming some of the toughest challenges in Commerce. 

Speakers from Norwegian Cruise Lines, Crocs, Mary Kay and Guitar Center, among many others will share ideas, best practices and tactics to improve customer experience and increase key performance metrics as we address key trends shaping the industry.

Q2 2015 State of the Internet Security Report Released

Akamai has released the Q2 2015 State of the Internet Security Report. This quarter's report, which provides analysis and insight into the global cloud security threat landscape, can be downloaded here.

Previews for the Q2 State of the Internet Security Report:


Q2 SOTI Security Preview: The Shellshock Effect

This is the final preview for the Q2 2015 State of the Internet Security Report, which comes out tomorrow. Here, we take a look at web application attacks and the impact that comes with adding two attack types to the picture. Note: We'll show the actual percentages for these attacks once the report is officially released. One more day!

Previews for the Q2 State of the Internet Security Report:


Q2 SOTI Security Preview: Tor Pros and Cons

The Q2 2015 State of the Internet Security Report (SOTI Security) is due out in the next couple of weeks, and today we continue previewing various sections. 

Tuesday we told you about security risks that come into play when third-party plug-ins are used with WordPress. Yesterday we looked at attack vectors the bad guys favored in Q2. Today we look at the security risks businesses face when using Tor.

The Q2 2015 State of the Internet Security Report (SOTI Security) is due out in the next couple of weeks, and today we continue previewing various sections.

Yesterday we told you about security risks that come into play when third-party plug-ins are used with WordPress. Today we look at attack vectors the bad guys favored in Q2.

The Q2 2015 State of the Internet - Security Report (SOTI Security) is due out in the next couple of weeks, and today we begin previewing various sections. Let's begin with the potential security risks that come into play when third-party plug-ins are used with WordPress.

WordPress is the world's most popular website and blogging platform. Its ever-growing popularity makes it an attractive target for attackers who aim to exploit hundreds of known vulnerabilities to build botnets, spread malware and launch DDoS campaigns.

This month we'll release the Q2 2015 State of the Internet Security Report. Tomorrow, we'll begin previewing sections of that report in this blog.

But before we begin, a look back at the previous quarter's report is in order. Such a review will better position readers to digest the new report and do some comparing and contrasting. Every report highlights a new trend, but we also see things that don't change much from one quarter to the next. The challenge is in finding activity that bucks normal trends.

Defending Against DD4BC Cyber Attacks

To date, over a dozen Akamai customers have been the targets of DD4BC, a group of cyber attackers who use a series of politely worded, yet increasingly threatening email messages to extort a 25 Bitcoin ransom (approximately $5,750 in US dollars) in exchange for stopping attacks on the victims' sites, and the number of victims is increasing. DD4BC starts out with what they call "small demonstrative attacks" that will not crash the site and last for one hour "just to prove that we are serious." Those companies that continue to ignore DD4BC's 24-hour ransom demand receive subsequent emails upping the ransom to 50-100 Bitcoins and threatening long-term UDP flood attacks at 400 to 500 Gbps - which they warn will not be easy to mitigate.


Earlier today (Aug 6, 2015) at the Black Hat Security Conference in Las Vegas, Bishop Fox, a security research and penetration testing firm, announced the discovery of a vulnerability that allows an outside actor to conduct a cross-site request forgery (CSRF)/server-side request forgery (SSRF) attack using a combination of exploits. This vulnerability relied on the Akamai platform in two ways: specially-crafted legacy resource locators (also called v1 ARLs) in combination with specific versions of Flow Player.

I was ready for a relaxing vacation on the Mexican Riviera Maya where the warm waters and cool drinks would provide the backdrop for a great week. Making the Internet fast, reliable and secure every day is demanding work so I was happy to temporarily leave my thoughts about Akamai at home, spend quality time with family, and sneak in a book that I've been wanting to read for a while.