The Akamai BlogSubscribe
Threat Watch: Bad Actors and Attack Techniques, Part ...
A roundup of attack activity, vectors and those responsible, based on PLXSert/CSIRT advisories issued in recent weeks: DD4BC: Operation Update and FAQ DD4BC, the malicious group responsible for several Bitcoin extortion campaigns last year, continues to expand attacks against Akamai customers. Researchers from Akamai's PLXsert and CSIRT teams continue to investigate attack activity related to the group. RIPv1 Reflection DDoS Making a Comeback Akamai's Prolexic Security Engineering & Research Team
DD4BC: Operation Update and FAQ
DD4BC, the malicious group responsible for several Bitcoin extortion campaigns last year, continues to expand attacks against Akamai customers. Researchers from Akamai's PLXsert and CSIRT teams continue to investigate attack activity related to the group. In recent weeks, the frequency of customers receiving ransom emails from this band of chaotic actors has steadily grown. DD4BC continues to inform victims that they will launch a DDoS attack of 400-500 Gbps
Time-to-Mitigate SLAs and the Irony of Being a Marke ...
As a professional marketer, it can be a little ironic how often you're frustrated when people you care about are influenced by marketing in ways that can't possibly be good for them. Everybody knows that marketers do nothing but lie all day - or "spin" as they call it. And as far as the profession goes, there's probably some truth to that. But there are plenty of marketers out
OpenSSL Vulnerability (CVE-2015-1793)
Akamai is aware of the OpenSSL vulnerability addressed in OpenSSL versions 1.0.2d and 1.0.1p on Thursday, July 9, 2015. Akamai does not use the vulnerable versions of OpenSSL and is therefore not affected. The OpenSSL team advisory outlines the vulnerability and fixes. The advisory states:During certificate verification, OpenSSL (starting from version 1.0.1n and 1.0.2b) will attempt to find an alternative certificate chain if the first attempt to build such
RIPv1 Reflection DDoS Making a Comeback
Akamai's Prolexic Security Engineering & Research Team (PLXsert) has been monitoring an uptick in a form of DDoS reflection thought to be mostly abandoned. This attack vector, which involves the use of an outdated routing protocol in RIPv1, began showing up in active campaigns again on May 16th after being dormant for more than a year. The latest attacks observed, as described later, are apparently making use of only a
OpenSSL Vulnerabilities (CVE-2015-1788 & CVE-2015-17 ...
Akamai is aware of a recently disclosed vulnerability in OpenSSL that can be exploited to perform denial of service attacks against any system which processes public keys, certificate requests, or certificates. The announcement for CVE-2015-1788 (discovered by Joseph Barr-Pixton and fixed by Andy Polyakov of the OpenSSL development team) and CVE-2015-1789 (discovered independently by Robert Swiecki and Hanno Böck) can be found here. The fix was developed by Emilia Käsper
SOTI Security Series: Magnified View of DDoS Attack ...
In Akamai's most recent SOTI (State of the Internet) Security Report (Download the Q1 2015 report here), two areas of research focused on the most frequent attack types by target industry, and DDoS attack distribution between Q1 2014 and the same period a year later.Since the report's release, we've delved deeper into the data and came up with two charts showing a more granular view based on Fig. 1-4 and
SOTI Security Series: Exploratory Data Analysis of a ...
By Richard Willey, Senior Program Manager - Adversarial ResilienceAkamai maintains a database that records information about different attacks it has observed. The ongoing analysis of that database is captured each quarter in Akamai's State of the Internet Security Report. (Download the Q1 2015 report here.) But even after a report is released, researchers continue to dig deeper into the data and provide updates.To that end, this article describes an exploratory
Akamai, Trustwave Form Strategic Alliance
Akamai has announced a new strategic alliance with Trustwave, designed to help businesses more effectively fight myriad threats through vulnerability assessment, denial-of-service prevention and incident response. From the press release: "Through this partnership, Akamai and Trustwave plan to make available to their respective customers select technology solutions and security services from each company's portfolio. The strategic relationship is intended to allow both companies to provide a broader set of cyber security