Akamai Diversity

Recently in Web Security Category

Written by Mani Sundaram, SVP Global Services & Support; Francis Trentley, VP Security Services & Support; Roger Barrango, Director Global Security Operations.

Hurricane Irma affected millions this week. As always here at Akamai, taking care of people comes first, and the wellbeing of our team was the foremost priority. Akamai had both personnel and facilities in the storm path and operated with an abundance of caution to ensure the safety of our people as well as continuity of operations for our customers.

WireX update: UDP attack capabilities

*Akamai would like to acknowledge the research by F5 containing additional information on the capabilities of this malware, released September 2nd.

Finding new features

The WireX botnet was discovered due to its role in a series of prolonged attacks against several organizations. It was brought to our attention, thanks to researchers at 360.cn, that some WireX samples found in the wild appeared to have additional UDP attack capabilities that weren't discussed in the initial publication.

Introduction

On August 17th, 2017, multiple Content Delivery Networks (CDNs) and content providers were subject to significant attacks from a botnet dubbed WireX. The botnet is named for an anagram of one of the delimiter strings in its command and control protocol. The WireX botnet comprises primarily Android devices running malicious applications and is designed to create DDoS traffic. The botnet is sometimes associated with ransom notes to targets.

A few days ago, Google was alerted that this malware was available on its Play Store. Shortly following the notification, Google removed hundreds of affected applications and started the process to remove the applications from all devices.

What makes a good "DNS Blacklist"? - Part 2

In "What makes a good 'DNS Blacklist'? - Part 1", we explored the background and factors that have gone into Akamai's thinking behind new security products like Enterprise Threat Protect (ETP). This article continues with a list of factors and questions to ask any DNS Threat Feed provider, including Akamai.

What should enterprises look for in the DNS Threat Policies?

DNS Threat Policies are more than a DNS Blacklist. The term "DNS threat policy" refers to a combination of three factors: the reputation of the FQDN or IP, the reference to the threat vector (C&C, downloader, etc.), and the action (NXDOMAIN, Null Response, Redirect to Remediation Page, Redirect to Tracker, etc.). A DNS Threat Policy is more than a "threat feed." It is more than a "DNS blacklist."

What makes a good "DNS Blacklist"? - Part 1

Reflections on Modern Actionable Threat Intelligence used to turn a DNS Resolver into a Critical Security Tool

Akamai has just launched the Enterprise Threat Protection (ETP) platform. ETP is built on Akamai's global AnswerX Cloud that now reaches 28 countries and is expanding to new countries every month. As a new player in Cloud DNS resolver services, competitors will ask "why Akamai?" or "what gives Akamai the knowledge and capacity to build effective DNS blacklists?" These are good questions from our competition, and are also questions that our customers should ask. Let's explore why Akamai is in a unique position to help enterprises and carriers use Akamai's Cloud Security Intelligence (CSI) as a DNS Security Policy tool.

"Don't work for recognition, but do work worthy of recognition" - H. Jackson Brown.

A friend sent this quote to me after I explained to her my ambivalence about being recognized by Gartner as a "Leader" in their Web Application Firewall Magic Quadrant. I had mixed feelings because I wanted to believe that I knew the market, I knew our competitors, and I certainly already knew what our customers were telling us about our Web Application Firewall. Our customers are happy. The product is getting better. Market share is growing in a growing market. I didn't need someone else to tell me we were a leader! In other words, like most - if not all - of my colleagues and friends, I want to feel intrinsic pride in the work that I do.

Larry's Cabinet of Web Vulnerability Curiosities

One of my responsibilities as a member of the Akamai Security Intelligence Response Team (SIRT) is to research new web application vulnerabilities. For the last year, I have focused on WordPress plugin vulnerabilities and on looking for any interesting code tidbits in my box of WordPress toys. There are almost 50,000 WordPress plugins (at time of publication) and WordPress is the Content Management System (CMS) of choice for over 30 million websites. This creates a very large Internet footprint. I've been asked if I have any 0days or interesting research tidbits that I've come across and would be willing to share. The answer is, "No, I don't have high value 0days to sell on the dark web!"

Part 1: Reading SPAM for Research

I recently wrote an article for Information Security Magazine where I explained how internet security researchers could use their spam folders as a resource tool. It got me thinking about going into greater detail on what I've found in my inbox.

Phishing Sites

I noticed an increase in "free gift cards" and other e-commerce type offers in my spam email account around Black Friday, the day after Thanksgiving, which didn't subside until the end of the holiday season, several weeks later. These e-mails claimed to offer me a free $50 Amazon gift card. When I click the link, it leads me to a bogus but almost legitimate-looking Amazon login site in an attempt to nab my login credentials. The broken TLS lock icon and odd-looking URL are a dead giveaway that this site isn't legitimate.

There's an old adage that if something seems too good to be true, it probably is. If you're like me, you can apply this to your own experiences. For example, about 5 years ago a small chain of gyms that exclusively used vibrating exercise machines popped up near my home. Their gym goers would stand on a vibration platform for 15 minutes while reading or watching TV. The gym promised weight loss, fat burn, improved flexibility, and enhanced blood flow. The thought of getting a complete workout in 15 minutes without breaking a sweat is pretty appealing. I'm in! Unfortunately, research (or lack thereof) brings us back to reality: the adage about something being too good to be true applies once again, and those people who stood on a vibrating platform for exercise at best experienced minor caloric burn.

Your customers are unique and they all expect fast, secure, personalized digital experiences. They are spread across the world, in regions of varying network connectivity, and use a plethora of devices and screen sizes, making it challenging to deliver your experiences.

By delivering 95 Exabytes of data over billions of devices every year, Akamai provides the world's largest and most trusted cloud delivery platform that empowers you to provide fast, secure, scalable and reliable experiences. It is the only platform that seamlessly integrates web and mobile performance, cloud security, enterprise access and video delivery solutions helping you deliver consistent superior experiences no matter where the customers are and what device they are using.