Akamai Diversity

Recently in Web Security Category

By Bill Brenner, Senior Tech Writer, Akamai SIRT

Retail was hit hard in Q1 2016 by malicious actors who targeted the business sector with web application attacks. That is among the findings in the State of the Internet Security Report for the first quarter of the year.

By Mike Kun, Manager, Akamai SIRT

Extortion attacks have risen since DD4BC kicked things off last year. DD4BC peaked in July and the Armada Collective took over after that, sending out emails threatening attacks unless the victim(s) made ransom payments in bitcoins.

The most recent round involved many ransom demand letters, but, as far as many observers can tell, very little follow-through.

Now we have Lizard Squad, or at least, someone claiming to be that group, spamming over 70 Akamai customers with identical ransom demands, all of which seemed to be copied from the Armada Collective emails.

Akamai Security Researcher Or Katz was recently published at InfoSecurity talking about how to defend against web application account takeovers with cloud security intelligence.

Community, Convenience, and the Claviger

One of the most common complaints on the Akamai Community is from people who are browsing the web from IP addresses that Akamai has seen performing malicious activity. Depending on the severity and number of these malicious activities, Akamai assigns the IP address a rating that predicts the likelihood that the IP will perform a malicious act in the future. These ratings come from our Client Reputation module, a module that is sold to Akamai Kona Site Defender customers.

Akamai's next "Girls Who Code" summer immersion program is still a couple of months away, but in the meantime I wanted to tell you about our involvement with another fantastic organization inspiring girls to pursue tech careers - the Girl Scouts.

#OpKillingBay Expands Attacks

By Bill Brenner, Akamai SIRT Senior Tech Writer

Operation Killing Bay, better known as #OpKillingBay on social media sites, is expanding. Historically, malicious attackers participating in OpKillingBay have targeted Japanese government websites and sites of companies participating in whale and dolphin hunting. These attackers often see themselves as protesters or activists, in addition to hackers, and refer to themselves as "hacktivists."

How Has Let's Encrypt Impacted Web Security?

When Let's Encrypt was founded at the end of 2014 it had a lofty goal: promote the use of TLS everywhere by making certificates free and server configuration painless. It was noted that for many web administrators, for both large and small sites, TLS was seen as expensive, difficult to configure, and slow. With that headwind, the return on investment was seen as too low to bother unless you were handling financial or other sensitive information. As it does, web security quickly evolved in the ensuing years. Firesheep, Snowden, and Google page ranking: these are just a few things that have changed how people think about the importance of encrypting everything online. And services like Let's Encrypt and Akamai deal with the problems head on, reducing the pain of Internet security tremendously.

HTTP/2 is here; come and get it!

Since showcasing a production demonstration of HTTP/2 at Velocity in 2014 and announcing broad support in 2015, Akamai has been actively working with hundreds of customers to deliver HTTP/2-enabled websites.

Half-baked Patching: More Common Than You Think

In the last year or so I've been looking at WordPress plugins. I've seen some poorly written code, plugins that had little purpose (one plugin's stated purpose was to only download a copy of itself!) and patches that attempted to fix a problem but weren't thorough enough or didn't follow the official WordPress recommendations and codex.

Bad code can be a threat not only to the system it's hosted on and the users that use it, but also to the Internet community as a whole. On Dec. 12, 2015 a zero-day exploit was uploaded to 0day.today by sniper.t. The uploaded text was simply a proof of concept to remotely download /etc/passwd. The exploit abused the plugin author's lack of authentication and file type verification to steal arbitrary files from a victim's server.

HTTP Strict Transport Security (known as HSTS for short) is a security signal that instructs the browser to attempt all requests to your website using HTTPS. In short, with HSTS enabled, a modern browser will never attempt to visit your site on HTTP. Furthermore, the browser remembers this instruction for an amount of time you set. So the next time a user visits your website, their browser won't attempt an HTTP request.