
Recently in Web Security Category

Akamai, Mirai, & The FBI

Through the end of 2016, and throughout 2017, multiple Mirai-based botnets targeted multiple Akamai customers. The very first Mirai attack against Akamai was a multi-day barrage, weighing in at a peak of 620 Gbps, that sent shockwaves across the Internet. The same botnet would go on to conduct several hard-hitting attacks across the Internet and cause widespread outages.

On December 13, 2017, the Department of Justice (DOJ) announced that multiple actors pled guilty to attacks linked to the original Mirai botnet. In this announcement they also listed Akamai and other organizations as a source of "additional assistance".

"Additional assistance was provided by the FBI's New Orleans and Pittsburgh Field Offices, the U.S. Attorney's Office for the Eastern District of Louisiana, the United Kingdom's National Crime Agency, the French General Directorate for Internal Security, the National Cyber-Forensics & Training Alliance, Palo Alto Networks Unit 42, Google, Cloudflare, Coinbase, Flashpoint, Yahoo and Akamai."

Researchers at Akamai have been involved in the dissection and tracking of the Mirai botnet from the very beginning and have been actively working to keep up with the evolution of Mirai and its many variants since. We want to use this opportunity to explain the role Akamai played in the research leading up to the FBI's investigations.

In the hours following the initial attacks, researchers from Akamai SIRT, Flashpoint, CloudFlare, Google, Yahoo, Palo Alto Networks, and more, began to take notice and work toward understanding the who, what, why, and how that made attacks of this magnitude possible.  Individuals at these organizations formed an informal working group in order to share the knowledge they were gleaning on the nature of the new threat. 

Malware samples believed to be associated with a new, and mostly unknown, botnet were seen across several honeypots in the wild. This quickly-growing botnet was not only observed infecting honeypots, but was also identified based on its continually growing footprint of scanning and brute-forcing activities.

Researchers at Akamai began analyzing the malware to reverse engineer its network protocols and capabilities. The discoveries we made about its communication strategies, command and control protocol structures, attack capabilities, and attack traffic signatures, as well as other valuable data, were collected, documented, and ultimately shared to aid in collaboration across the working group of researchers and their respective organizations.

These findings and information proved valuable in helping other organizations defend against the Mirai botnet as well as assisting the FBI to understand, correlate, and attribute attacks back to specific botnets and suspected DDoS-for-hire operations.

We at Akamai appreciate the FBI and DOJ for acknowledging our hard work on the Mirai botnet research and their continued efforts to help victims and organizations to combat cybercrime.

Together we can all do our part to help make and keep the Internet "Fast, Reliable, and Secure".

High fives to everyone involved!


The results are in: Black Friday and Cyber Monday broke all records in 2017, as the total revenue for these days exceeded $11.5 billion. Anticipating that more consumers would shop online, retailers invested in digital experiences and geared up for the holidays by (i) stocking fewer items in stores to reduce inventory costs and (ii) hiring fewer seasonal workers. Retailers' predictions were accurate, and their investment in digital experiences paid off, as close to 40% of the Black Friday revenue was generated via mobile devices.

We, at Akamai, typically see a huge surge in traffic on our platform on Black Friday and Cyber Monday, and this year was no exception. Using our mPulse technology to capture real user data and correlate web and mobile performance to user behavior, we observed an overall global increase in mobile device conversion rates in 2017. Our data highlights that retailers have understood and implemented strategies to improve the digital experience for their users, and that those investments are paying off, especially on mobile devices. Here are the key trends that we observed on our platform and which resulted in a successful holiday season:

Layered Security Without the Layered Complexity

With the recent influx of news reports regarding security incidents, more Chief Information Security Officers (CISOs), Chief Information Officers (CIOs), and IT professionals are reviewing current security infrastructures, policies, and practices to identify potential weaknesses in their security posture. This has long been best practice, but with the progressive use of various attack and threat vectors now employed by malicious actors against businesses, this practice must be constantly in play and the execution plan must be dynamic, adjusting to the ever-evolving security threat landscape.


Since 2005, when Gartner coined the term, SIEM (Security Information and Event Management) solutions have grown in importance for the security industry.

SIEM solutions provide a centralized view to easily access and analyze security information from multiple sources, and then prioritize mitigation efforts based on risk profiles. SIEM also helps organizations meet their security log analysis and incident/event reporting requirements.

What You Need To Know About The "ROCA" vulnerability

By Daniel Franke, Infosec Researcher

Akamai is aware of the recently disclosed "ROCA" vulnerability in cryptographic firmware used in products made by Infineon Technologies. A bug in the firmware's prime-search algorithm used for RSA key generation results in RSA keys that are relatively inexpensive to factor. The bug impacts Infineon Trusted Platform Modules (TPMs) as well as many smartcards and Hardware Security Modules (HSMs) that use Infineon chips but do not carry Infineon branding, notably including the popular YubiKey 4. In some cases, it may be possible to patch affected devices with an OEM-supplied firmware update. In other cases, the hardware must be replaced.


I can Haz TLS 1.3 ?

Everybody wants to be able to use TLS 1.3. Among the reasons are:

Fast Flux Botnet: Research Results

Just like that, another Akamai Edge has come and gone. If you were able to join us this year, I hope you had a chance to stop by my presentation on Threat Intelligence Insights: An In-Depth Analysis of a Fast Flux Botnet.

KRACK Vulnerability in WiFi WPA2

Akamai is aware of a family of vulnerabilities known as the Key Reinstallation Attack, or KRACK. These vulnerabilities abuse implementation flaws found in all modern wireless networks using WPA2. The KRACK attack is effective at the protocol level and therefore affects all systems using current WiFi encryption, including iOS, Linux, Windows, and Android. The vulnerabilities allow an attacker to force the reinstallation of a previously used cryptographic key. This would allow for the decryption, injection, or forging of traffic on the affected network, depending on which vulnerability is used.

Data Breaches and Credential Stuffing: Don't Get TKOd

It has been a very rough month for the information security community. It feels like we've been on the losing end of a championship fight against Floyd Mayweather.

Introduction to DNS Data Exfiltration

Written by Asaf Nadler and Avi Aminov

Spyware is malicious software (malware) used to gather information about a person or organization without their consent. In a typical setting, a remote server that acts as a command and control (C&C) server waits for an incoming connection from the spyware carrying the gathered information. Statistics reported by Avast estimate that over 100M types of spyware are active worldwide today.

In the presence of network security products (e.g., firewalls, secure web gateways, and antiviruses), spyware must communicate with its C&C server over a covert channel to prolong its operation. Among commonly used covert channels, the domain name system (DNS) protocol stands out.