
Recently in Web Security Category

What You Need To Know About The "ROCA" vulnerability

By Daniel Franke, Infosec Researcher

Akamai is aware of the recently disclosed "ROCA" vulnerability in cryptographic firmware used in products made by Infineon Technologies. A bug in the firmware's prime-search algorithm used for RSA key generation produces RSA keys that are far cheaper to factor than properly generated keys of the same size; the flaw also leaves a recognizable structure in the public modulus, so an affected key can be identified from the public key alone. The bug impacts Infineon Trusted Platform Modules (TPMs) as well as many smartcards and Hardware Security Modules (HSMs) that use Infineon chips but do not carry Infineon branding, notably including the popular YubiKey 4. In some cases it may be possible to patch affected devices with an OEM-supplied firmware update; in other cases the hardware must be replaced. In either case, keys already generated by the flawed firmware remain weak and must be regenerated or replaced.
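The structure left in the modulus is what makes affected keys detectable. The following is an added example, not code from the Akamai post: it re-implements the public ROCA fingerprint described by the researchers who found the bug (Nemec et al., CCS 2017), in which, for each of 39 small primes p, the modulus N of a flawed RSALib key satisfies N mod p in the subgroup of Z_p^* generated by 65537. The moduli used in the demonstration are constructed; the `openssl` command named in the usage note is the standard one for extracting a modulus.

```python
"""ROCA fingerprint check for an RSA public modulus.

Added example, not code from the Akamai post. It re-implements the public
fingerprint described by the ROCA researchers (Nemec et al., CCS 2017): for
every modulus N that the flawed Infineon RSALib prime search produces, and for
each of the small primes below, N mod p lies in the cyclic subgroup of Z_p^*
generated by 65537. A random RSA modulus fails at least one of the 39 checks
with overwhelming probability, so passing all of them is a strong signal that
the key is affected. The test moduli in main() are constructed.
"""

GENERATOR = 65537

# The 39 small primes the published fingerprint tests against.
PRIMES = [3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, 47, 53, 59, 61, 67,
          71, 73, 79, 83, 89, 97, 101, 103, 107, 109, 113, 127, 131, 137, 139,
          149, 151, 157, 163, 167, 173]


def generator_residues(p):
    """Return the set {65537**a mod p : a >= 0}, the subgroup <65537> of Z_p^*."""
    residues = set()
    x = 1
    while x not in residues:
        residues.add(x)
        x = (x * GENERATOR) % p
    return frozenset(residues)


RESIDUE_SETS = {p: generator_residues(p) for p in PRIMES}


def failing_primes(n):
    """Primes at which n mod p is outside <65537>; empty means n is fingerprinted."""
    return [p for p in PRIMES if n % p not in RESIDUE_SETS[p]]


def is_roca_fingerprinted(n):
    """True if the modulus n matches the ROCA fingerprint on all 39 primes."""
    return not failing_primes(n)


def modulus_from_openssl_output(line):
    """Parse the 'Modulus=HEX' line printed by `openssl rsa -pubin -noout -modulus`."""
    label, _, hexval = line.strip().partition("=")
    if label != "Modulus" or not hexval:
        raise ValueError("expected a line of the form Modulus=<hex>")
    return int(hexval, 16)


if __name__ == "__main__":
    # Constructed inputs: a power of the generator sits in <65537> at every prime,
    # so it matches the fingerprint even though it is not a real RSA modulus;
    # 3233 = 53 * 61 is the textbook toy modulus and is not affected.
    for name, n in [("generator power", GENERATOR ** 31), ("3233", 3233)]:
        bad = failing_primes(n)
        verdict = "ROCA fingerprint MATCH" if not bad else f"clean (first mismatch at p={bad[0]})"
        print(f"{name:16} -> {verdict}")
```

To check a real key, run `openssl rsa -pubin -in pubkey.pem -noout -modulus` and pass the printed `Modulus=...` line to `modulus_from_openssl_output`, then `is_roca_fingerprinted` on the result. A match means the key should be treated as compromised regardless of whether the device firmware has since been updated.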


I can Haz TLS 1.3 ?

Everybody wants to be able to use TLS 1.3. Among the reasons are:

Fast Flux Botnet: Research Results

Just like that, another Akamai Edge has come and gone. If you were able to join us this year, I hope you had a chance to stop by my presentation on Threat Intelligence Insights: An In-Depth Analysis of a Fast Flux Botnet.

KRACK Vulnerability in WiFi WPA2

Akamai is aware of a family of vulnerabilities known as the Key Reinstallation Attack, or KRACK. These vulnerabilities abuse a weakness in the WPA2 handshakes as specified in the 802.11 standard, not a bug in one vendor's code, so every conforming implementation is affected at the protocol level, including iOS, Linux, Windows and Android. An attacker within radio range who replays a handshake message can trick a client into reinstalling a key that is already in use; the reinstallation resets the key's packet number (nonce) and replay counter, so the client encrypts new frames with a keystream it has already used. Depending on which vulnerability is used and which cipher the network runs, this allows the decryption, replay, injection, or forging of traffic on the affected network. Because the client is the party that reinstalls the key in the 4-way handshake, updating client devices is the priority: a patched client is protected even on an unpatched network.
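The reason a reset packet number is fatal is that WPA2's data ciphers (CCMP and GCMP) are counter-mode constructions: the keystream is a deterministic function of the key and the nonce, so two frames sent under the same (key, nonce) are XORed with the same bytes. The following added example (not code from the Akamai post, and not WPA2's real cipher) simulates that failure mode. The standard library has no AES, so the keystream is built with HMAC-SHA256 in counter mode as a stand-in that has the one property that matters; the key, the station classes and the frame contents are all constructed for the demonstration.

```python
"""Why a reinstalled key is dangerous: a reset nonce means a reused keystream.

Added example, not code from the Akamai post. WPA2's data ciphers (CCMP, GCMP)
are counter-mode constructions: each frame is XORed with a keystream that is a
deterministic function of the pairwise key and a per-frame packet number
(nonce) that must never repeat under one key. Reinstalling the key resets that
packet number. The standard library has no AES, so the keystream below is built
from HMAC-SHA256 in counter mode; it is a stand-in with the one property that
matters here (same key + same nonce -> same keystream), not WPA2's real cipher.
The key and frame contents are constructed.
"""
import hashlib
import hmac


def keystream(key, nonce, length):
    """Deterministic keystream for (key, nonce): counter mode over HMAC-SHA256."""
    out = b""
    counter = 0
    while len(out) < length:
        block = nonce.to_bytes(6, "big") + counter.to_bytes(4, "big")
        out += hmac.new(key, block, hashlib.sha256).digest()
        counter += 1
    return out[:length]


def xor(a, b):
    """XOR two byte strings, truncated to the shorter one."""
    return bytes(x ^ y for x, y in zip(a, b))


class VulnerableStation:
    """Client that installs the key and resets its packet number on every message 3."""

    def __init__(self):
        self.ptk = None
        self.pn = 0

    def install_key(self, ptk):
        self.ptk = ptk
        self.pn = 0          # the reset that KRACK exploits

    def encrypt(self, frame):
        self.pn += 1
        return self.pn, xor(frame, keystream(self.ptk, self.pn, len(frame)))


class PatchedStation(VulnerableStation):
    """Same client, but a retransmitted message 3 for an already-installed key is ignored."""

    def install_key(self, ptk):
        if ptk == self.ptk:
            return           # keep the current packet number; do not reinstall
        super().install_key(ptk)


def run_attack(station_cls, ptk, known_frame, secret_frame):
    """Replay message 3 between two frames and try to recover the second from the first.

    Returns (nonce_reused, recovered_bytes). The attacker knows known_frame
    (e.g. a predictable ARP or DHCP frame) and wants secret_frame.
    """
    sta = station_cls()
    sta.install_key(ptk)                     # genuine 4-way handshake completes
    pn1, ct1 = sta.encrypt(known_frame)
    sta.install_key(ptk)                     # attacker replays message 3
    pn2, ct2 = sta.encrypt(secret_frame)
    # If the keystream repeated, ct1 XOR ct2 == known XOR secret.
    recovered = xor(xor(ct1, ct2), known_frame)
    return pn1 == pn2, recovered


PTK = bytes.fromhex("000102030405060708090a0b0c0d0e0f")                  # constructed key
KNOWN = b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n"     # constructed
SECRET = b"POST /login HTTP/1.1\r\nCookie: session=7fe2c0a9b14d\r\n\r\n"  # constructed

if __name__ == "__main__":
    for cls in (VulnerableStation, PatchedStation):
        reused, got = run_attack(cls, PTK, KNOWN, SECRET)
        print(f"{cls.__name__:18} nonce reused: {reused!s:5}  recovered: {got[:40]!r}")
```

Against `VulnerableStation` the attacker recovers the secret frame byte for byte over the length of the known frame, without ever learning the key. `PatchedStation` applies the fix that vendors shipped: a repeated message 3 for a key that is already installed no longer resets the packet number, so the second frame uses a fresh nonce and the XOR trick yields garbage.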

Data Breaches and Credential Stuffing: Don't Get TKOd

It has been a very rough month for the information security community.  It feels like we've been on the losing end of a championship fight against Floyd Mayweather. 

Introduction to DNS Data Exfiltration

Written by Asaf Nadler and Avi Aminov

Spyware is malicious software (malware) used to gather information about a person or organization without their consent. In a typical setting, a remote command and control (C&C) server waits for an incoming connection from the spyware carrying the gathered information. Statistics reported by Avast estimate that over 100M types of spyware are currently active worldwide.

In the presence of network security products (e.g., firewalls, secure web gateways, and antivirus), spyware must communicate with its C&C server over a covert channel to prolong its operation. Among commonly used covert channels, the domain name system (DNS) protocol stands out: outbound DNS is almost always permitted, and a query for a name the attacker controls is forwarded by the organization's own recursive resolver to the attacker's authoritative server, so data encoded in the subdomain labels leaves the network without any direct connection to the C&C host.
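That encoding leaves a footprint in resolver logs: one zone receives many distinct, long, high-entropy subdomain labels. The following added example (not code from the Akamai post, and not Akamai's detection logic) scores query-log lines per zone on exactly those three features. The log lines, the secret being exfiltrated, the attacker zone `exfil-example.net` and the three thresholds are all constructed for the demonstration; the thresholds in particular are starting points that would need tuning against real traffic.

```python
"""Toy DNS-exfiltration detector over a batch of query-log lines.

Added example, not from the Akamai post. The log lines are constructed in
this file, and the feature thresholds are illustrative starting points that
would need tuning against real traffic.
"""
import math
from collections import defaultdict

# Illustrative thresholds (assumptions, not published Akamai values).
MIN_UNIQUE_SUBDOMAINS = 5     # many distinct subdomains under one zone
MIN_AVG_SUBDOMAIN_LEN = 20    # long leftmost labels carry encoded payload
MIN_AVG_ENTROPY = 2.5         # bits/char; encoded data tends to run higher


def shannon_entropy(s):
    """Bits per character of s (0.0 for the empty string)."""
    if not s:
        return 0.0
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def split_zone(qname):
    """Split 'a.b.example.com' into ('a.b', 'example.com').

    Uses the last two labels as the zone; a production version should use
    the Public Suffix List so 'co.uk'-style suffixes are handled.
    """
    labels = qname.rstrip(".").lower().split(".")
    if len(labels) < 3:
        return "", ".".join(labels)
    return ".".join(labels[:-2]), ".".join(labels[-2:])


def zone_features(log_lines):
    """Aggregate per-zone features from lines of '<ts> <client> <qtype> <qname>'."""
    subs = defaultdict(list)
    for line in log_lines:
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines rather than crash on them
        sub, zone = split_zone(parts[3])
        subs[zone].append(sub)
    features = {}
    for zone, sublist in subs.items():
        features[zone] = {
            "queries": len(sublist),
            "unique": len(set(sublist)),
            "avg_len": sum(len(s) for s in sublist) / len(sublist),
            "avg_entropy": sum(shannon_entropy(s.replace(".", "")) for s in sublist) / len(sublist),
        }
    return features


def suspicious_zones(log_lines):
    """Zones whose query pattern looks like an encoded covert channel."""
    return sorted(
        zone for zone, f in zone_features(log_lines).items()
        if f["unique"] >= MIN_UNIQUE_SUBDOMAINS
        and f["avg_len"] >= MIN_AVG_SUBDOMAIN_LEN
        and f["avg_entropy"] >= MIN_AVG_ENTROPY
    )


def build_exfil_queries(secret, zone, chunk=16):
    """Encode secret the way simple spyware does: hex chunks as the leftmost label."""
    hexed = secret.hex()
    return [f"{hexed[i:i + 2 * chunk]}.{zone}" for i in range(0, len(hexed), 2 * chunk)]


# Constructed sample log: ordinary lookups plus one hex-encoded exfil session.
SECRET = b"user=jdoe;role=admin;session=7fe2c0a9b14d;ssn=078-05-1120;note=q3 forecast attached"
EXFIL_ZONE = "exfil-example.net"   # hypothetical attacker-controlled zone

SAMPLE_LOG = [
    "2017-10-20T14:02:11Z 10.0.0.12 A www.example.com",
    "2017-10-20T14:02:12Z 10.0.0.12 A mail.example.com",
    "2017-10-20T14:02:13Z 10.0.0.12 AAAA api.example.com",
    "2017-10-20T14:02:14Z 10.0.0.13 A cdn.example.com",
    "2017-10-20T14:02:15Z 10.0.0.13 A www.example.com",
] + [f"2017-10-20T14:03:{i:02d}Z 10.0.0.12 TXT {q}"
     for i, q in enumerate(build_exfil_queries(SECRET, EXFIL_ZONE))]

if __name__ == "__main__":
    for zone, f in zone_features(SAMPLE_LOG).items():
        print(f"{zone:20} q={f['queries']:2d} uniq={f['unique']:2d} "
              f"len={f['avg_len']:5.1f} H={f['avg_entropy']:.2f}")
    print("suspicious:", suspicious_zones(SAMPLE_LOG))
```

Entropy alone does not separate the two cases (ordinary hostnames made of English words also score around 3 bits per character), which is why the rule requires the uniqueness and length signals as well. The five `example.com` lookups reuse four short labels and are left alone; the six hex-encoded labels under `exfil-example.net` are all distinct, 27 characters long on average, and trip the rule.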

Written by Mani Sundaram, SVP Global Services & Support; Francis Trentley, VP Security Services & Support; Roger Barrango, Director Global Security Operations.

Hurricane Irma affected millions this week. As always at Akamai, taking care of people comes first, and the wellbeing of our team was the foremost priority. Akamai had both personnel and facilities in the storm's path and operated with an abundance of caution to ensure the safety of our people as well as continuity of operations for our customers.

WireX update: UDP attack capabilities

*Akamai would like to acknowledge the research by F5 containing additional information on the capabilities of this malware, released September 2nd.

Finding new features

The WireX botnet was discovered due to its role in a series of prolonged attacks against several organizations. It was brought to our attention, thanks to researchers at 360.cn, that some WireX samples found in the wild appeared to have additional UDP attack capabilities that weren't discussed in the initial publication.

Introduction

On August 17th, 2017, multiple Content Delivery Networks (CDNs) and content providers were subject to significant attacks from a botnet dubbed WireX. The botnet is named after an anagram of one of the delimiter strings in its command and control protocol. The WireX botnet comprises primarily Android devices running malicious applications and is designed to generate DDoS traffic. The botnet is sometimes associated with ransom notes to targets.

A few days ago, Google was alerted that this malware was available on its Play Store. Shortly following the notification, Google removed hundreds of affected applications and started the process to remove the applications from all devices.

What makes a good "DNS Blacklist"? - Part 2

In "What makes a good 'DNS Blacklist'? - Part 1", we explored the background and factors that have gone into Akamai's thinking behind new security products like Enterprise Threat Protector (ETP). This article continues with a list of factors and questions to ask any DNS threat feed provider, including Akamai.

What should enterprises look for in the DNS Threat Policies?

DNS Threat Policies are more than a DNS blacklist. The term "DNS threat policy" refers to a combination of three factors: the reputation of the FQDN or IP; the threat vector it is associated with (C&C, downloader, etc.); and the action to take when it is queried (NXDOMAIN, null response, redirect to a remediation page, redirect to a tracker, etc.). The action matters as much as the verdict: an NXDOMAIN or null response silently blocks the lookup, a remediation page tells the user why it was blocked, and a tracker sinkhole records which internal hosts are trying to reach the threat, which is what incident responders need in order to find the infected machine. A DNS threat policy is therefore more than a "threat feed" and more than a "DNS blacklist".