The Akamai BlogSubscribe
Defending Against DD4BC Cyber Attacks
To date, over a dozen Akamai customers have been the targets of DD4BC, a group of cyber attackers who use a series of politely worded, yet increasingly threatening email messages to extort a 25 Bitcoin ransom (approximately $5,750 in US dollars) in exchange for stopping attacks on the victims' sites and number if victims is increasing. DD4BC starts out with what they call "small demonstrative attacks" that will not crash
Details on the Cross-Site Request Forgery Vulnerabil ...
Earlier today (Aug 6, 2015) at the Black Hat Security Conference in Las Vegas, Bishop Fox, a security research and penetration testing firm, announced the discovery of a vulnerability that allows an outside actor to conduct a cross-site request forgery (CSRF)/Server-Side Request Forgery (SSRF) attack using a combination of exploits. This vulnerability relied on the Akamai platform in two ways: specially-crafted legacy resource locators (also called v1 ARLs) in combination
Flash Boys & Web Performance on the Riviera Maya
I was ready for a relaxing vacation on the Mexican Riviera Maya where the warm waters and cool drinks would provide the backdrop for a great week. Making the Internet fast, reliable and secure every day is demanding work so I was happy to temporarily leave my thoughts about Akamai at home, spend quality time with family, and sneak in a book that I've been wanting to read for a
Quantum Dawn and the Need for Testing in Security In ...
Last night I watched an On Demand episode of The American Experience titled Blackout, which recounted the 1977 power failure in New York City and its lasting impact on city due to widespread looting and destruction. With the power completely out, the operators at Con Ed got to work restoring power using a manual that was last updated after another massive blackout - in 1965.
Talk on CDN vulnerability at Black Hat USA 2015
Akamai is aware of a talk scheduled for Black Hat USA 2015 this week that will discuss some potential issues with platforms like ours. Mike Brooks and Matthew Bryant, security analysts at Bishop Fox, will give the following talk on Aug. 6: BYPASS SURGERY ABUSING CONTENT DELIVERY NETWORKS WITH SERVER-SIDE-REQUEST FORGERY (SSRF) FLASH AND DNS
BIND DoS Vulnerability (CVE-2015-5477)
Akamai is aware of a recently disclosed critical vulnerability in BIND (CVE-2015-5477) that can be exploited to cause a denial of service. How does the attack work? An attacker can cause BIND to exit by using a constructed packet to trigger a REQUIRE assertion via defective handling of a TKEY query. How is Akamai affected? Akamai's Fast DNS / EDNS authoritative name servers do not run BIND and as
OurMine Team Attack Exceeded 117 Gbps
A new hacking group has landed on the Akamai's PLXsert and CSIRT radar for taking responsibility for launching DDoS attacks against several of our customers in the financial services sector.The entity calls itself the "OurMine Team" and if it is to be believed, it has gained access to one customer's $500,000 account. The group has announced it will give that money to the poor.
How to Tell a Landscaper From a Thief
If I can see a person standing in front of a neighboring house inspecting the windows and the doors, should I call the police? Maybe it is the air-condition technician looking for the best place to install a new air-condition unit, or maybe it is a robber doing reconnaissance and checking what is the easiest way to get into the house. It is hard to tell! Now what if
Threat Watch: Bad Actors and Attack Techniques, Part ...
A roundup of attack activity, vectors and those responsible, based on PLXSert/CSIRT advisories issued in recent weeks: DD4BC: Operation Update and FAQ DD4BC, the malicious group responsible for several Bitcoin extortion campaigns last year, continues to expand attacks against Akamai customers. Researchers from Akamai's PLXsert and CSIRT teams continue to investigate attack activity related to the group. RIPv1 Reflection DDoS Making a Comeback Akamai's Prolexic Security Engineering & Research Team