Recently in Web Security Category

 I recently wrote an article for Information Security Magazine where I explained how internet security researchers could use their spam folders as a resource tool.  It got me thinking about going into greater detail on what I've found in my inbox.

Phishing Sites

I noticed an increase in "free gift cards" and other e-commerce type offers in my spam email account around Black Friday the day after Thanksgiving, which didn't subside until the end of the holiday season, several weeks later. These e-mails claimed to offer me a free $50 dollar Amazon gift card. When I click the link it leads me to a bogus but almost legitimate looking Amazon login site in an attempt to nab my login credentials.  The broken TLS lock icon and odd looking URL are a dead giveaway as to suspect this site isn't legitimate.  

There's an old adage that if something seems too good to be true, it probably is. If you're like me, you can apply this to your own experiences. For example, about 5 years ago a small chain of gyms that exclusively used vibrating exercise machines popped up near my home. Their gym goers would stand on a vibration platform for 15 minutes while reading or watching TV. The gym promised weight loss, fat burn, improved flexibility, and enhanced blood flow. The thought of getting a complete workout in 15 minutes without breaking a sweat is pretty appealing. I'm in! Unfortunately, research (or lack thereof) brings us back to reality and it appears that adage about something being too good to be true applies once again and those people who stood on a vibrating platform for exercise, at best experienced minor caloric burn.

Your customers are unique and they all expect fast, secure, personalized digital experiences. They are spread across the world, in regions of varying network connectivity, utilize a plethora of devices and screen sizes - making it challenging to deliver your experiences.

By delivering 95 Exabytes of data over billions of devices every year, Akamai provides the world's largest and most trusted cloud delivery platform that empowers you to provide fast, secure, scalable and reliable experiences. It is the only platform that seamlessly integrates web and mobile performance, cloud security, enterprise access and video delivery solutions helping you deliver consistent superior experiences no matter where the customers are and what device they are using.

Akamai is aware of and is tracking the malware threat known as "Petya". Petya is ransomware spread using several methods, including PSexec, Windows Management Instrumentation Command-line (WMIC), and the EternalBlue exploit used by the WannaCry family of ransomware. The malware spreads via port 139 and 445; it probes IP addresses on the local subnet for vulnerable systems.

HTTP2 is the second major version of the HTTP protocol. It changes the way HTTP is transferred "on the wire" by introducing a full binary protocol, made up of TCP connections, streams and frames, rather than simply being a plain-text protocol. Such a fundamental change between HTTP/1.x to HTTP/2, meant that client side and server side implementations had to incorporate completely new code to support new HTTP2 features - this fact, introduces nuances in protocol implementations, which in turn, might be used to passively fingerprint web clients.

Overview

Can you imagine anyone buying a car without airbags and without seat belts? I bet you can't!

So why is it that we buy computers without Antivirus software already installed, home routers without a firewall already installed or connected devices (IoT) that are lacking proper security controls?

Written by Avi Aminov and Or Katz

Overview

Imagine you are standing in the middle of a crowded train station and want to have a private conversation with an old friend. You've been waiting for the perfect time to contact him and get some advice on how to move forward with some important life choices.

But you couldn't wait any longer, and now you're on a train platform. There are many people around you. They're watching every move you make and listening to each word you say. You really, really need this conversation to be private!

On Friday, May 12, news agencies around the world reported that a new ransomware threat was spreading rapidly. Akamai's  incident response teams and researchers worked quickly to understand this new threat and how to mitigate it. This blog post is a summary of what Akamai knows at this point.

Remember that this is still an evolving threat and this information may change.

Akamai will update this post as we collect new information.

DNS-based DDoS attacks have gained mindshare among Akamai customers lately, most recently with last year's Dyn attacks (written about on the Akamai Blog here and here) and this week's attack against Cedexis. DNS infrastructure is a ripe target for malicious actors hoping to disrupt a digital property's availability because it provides the initial resolution for an end user's browser client from hostname to IP address. At best, an attack against your DNS records can significantly delay an end user's connection. At worst, it can render your application inaccessible to the end user, either through a denial of service or through a DNS record hijack or forgery. DNS attacks have consistently been one of the top attack vectors for DDoS, according to Akamai's recent security data.

Summary

Adversaries calling themselves the Lizard Squad have been sending businesses extortion letters, demanding payment in bitcoin to prevent a Distributed Denial of Service (DDoS) or other attack against their applications. These letters have been sent to businesses across the globe and across industries for several years, with little follow-through. These letters appear to come from multiple groups including Lizard Squad, the Armada Collective, and DD4BC, though in many case they are from copy-cat or imposter groups. A new wave of these letters seen by Akamai customers from "Lizard Squad" raise concerns that these threats may be legitimate.