Akamai Diversity

The Akamai Blog

Akamai SIRT Alerts

Akamai SIRT Alerts

March 2, 2018 5:00 PM

memcached, now with extortion!

Over the past week, memcached reflection attacks have taken the DDoS scene by storm. With several attacks hitting organizations across many industries, including a record breaking 1.3Tbps attack against an Akamai customer. Akamai has observed a new trend in extortion attempts using memcached payloads to deliver the message.

Akamai SIRT Alerts

Akamai SIRT Alerts

March 1, 2018 7:54 AM

Memcached-fueled 1.3 Tbps attacks

At 17:28 GMT, February 28th, Akamai experienced a 1.3 Tbps DDoS attack against one of our customers, a software development company, driven by memcached reflection. This attack was the largest attack seen to date by Akamai, more than twice the size of the September, 2016 attacks that announced the Mirai botnet and possibly the largest DDoS attack publicly disclosed. Because of memcached reflection capabilities, it is highly likely that this

Akamai SIRT Alerts

Akamai SIRT Alerts

February 27, 2018 2:52 PM

Memcached UDP Reflection Attacks

Akamai is aware of a new DDoS reflection attack vector: UDP-based memcached traffic. Memcached is a tool meant to cache data and reduce strain on heavier data stores, like disk or databases. The protocol allows the server to be queried for information about key value stores and is only intended to be used on systems that are not exposed to the Internet. There is no authentication required with memcached. When

Larry Cashdollar

Larry Cashdollar

February 15, 2018 8:00 AM

Wordpress DoS Attack: CVE-2018-6389

Overview On February 5, an Israeli security researcher, Barak Tawily, discovered a Denial of Service (DoS) attack impacting all 3.x-4.x versions of the Wordpress content management platform. The vulnerability is currently unpatched and relies on a performance boosting feature in Wordpress allowing Javascript and style sheets to be loaded in bulk via a single request. The attack does not affect the Akamai platform, but it does affect any customers using

AkamAI Research

AkamAI Research

February 13, 2018 9:00 AM

Humans, Machines and Data: Fighting Mirai, Together

By Yohai Einav, Hongliang Liu Background It's been 18 months since Mirai entered our lives, and, unfortunately, we expect it to have a perennial presence in our cyber-world for years to come. If we look at the big picture, all indicators suggest that the Mirai problem (and its descendants) is just going to increase, with the growing number of IoT devices in the world and the improvement in IoT hardware

Lorenz Jakober

Lorenz Jakober

February 1, 2018 7:11 PM

The days of VPNs are numbered

We have been talking about how it's time to re-evaluate giving full access to the corporate network for some time. In fact, Akamai's Sr. Director of Enterprise Security & Infrastructure Engineering talks about one of his core goals--No VPN--here. Over the last few days, I am sure many teams who are taking the No VPN route are even more thankful. The recent news about yet another patching fire drill--this time

Jim Black

Jim Black

January 26, 2018 9:00 AM

The New Cyber Landscape: More Threats, But Fewer Sec ...

Great news: If you're a security professional, your skills have never been more in demand. On the flip side, if you're looking for security talent, the search will likely be lengthy and difficult. ISACA predicts that by 2019 there will be a shortage of two million cyber security professionals globally. And in a survey released by ESG and ISSA in November 2017, 70% of respondents stated that security skills shortages

Jim Black

Jim Black

January 24, 2018 2:50 PM

Algorithms, Alerts, and Akamai Threat Intelligence

Let me start by posing a question: If in one week security solution A produces 120 alerts and security solution B produces 45 alerts, which solution is providing you with more effective protection? The answer is: It depends. On the face of it, solution A appears to be more effective because it's delivering more alerts than solution B. But what if solution A is actually delivering a considerable number of

Or Katz

Or Katz

January 19, 2018 1:33 AM

Gone Phishing For The Holidays

Written by Or Katz and Amiram Cohen Overview: While our team, Akamai's Enterprise Threat Protector Security Research Team, monitored internet traffic throughout the 2017 holiday season, we spotted a wide-spread phishing campaign targeting users through an advertising tactic. During the six week timeframe, we tracked thirty different domains with the same prefix: "holidaybonus{.}com". Each one advertised the opportunity to win an expensive technology prize - a free iPhone 8, PlayStation