Akamai Diversity

Recently in Web Security Category

Recently, Dan Shugrue, one of our product marketing directors at Akamai, was published in InfoSecurity magazine. His article, Barbarians at the Gate - Shoring Up Web Application Defenses with Client Reputation, takes an incisive look at how client reputation monitoring can help bolster web security efforts. Dan argues that as attacks evolve, companies doing business on the web (and who isn't these days) must evolve their strategies for identifying and defending against attacks to be most successful. And a strategy that involves the use of client reputation capabilities to identify bad actors, before they act, is one important strategy to consider.

Machine Learning in Security

I recently started studying for the GMAT and ran into an interesting passage while taking a diagnostic test - a reading comprehension argument by the philosopher John Searle, who was one of the first philosophers to challenge the idea of artificial intelligence. Searle argued that the human brain is not like a computer processor, and that computers are syntactic (rule-based), rather than semantic (meaning-based) creatures. The diagnostic test question is referring to Searle's thought experiment called the Chinese Room. The idea of the Chinese Room suggests that if you lock a person in a room with rules translating English to Chinese characters, the individual will be able to respond in Chinese to questions written in Chinese. The experiment suggests that no matter how intelligent a computer (person locked in a room) can respond, a program (rules) cannot give a computer "understanding", and therefore a computer cannot "think" (i.e. "strong AI" does not exist).

Bot Management Strategy

It was March 13th, 2:30 AM, and the customer called everyone on the Akamai account team announcing they were being attacked. The attacker was locking inventory on their site for hours, causing a significant burst in traffic and preventing customers from making transactions. The Akamai Security Operations Center was involved right away and quickly discovered that a bot was behind this attack. This was a "good bot" just scraping the inventory for pricing data, but it caused havoc for both the infrastructure and the business.

By Bill Brenner, Senior Tech Writer, Akamai SIRT

Retail was hit hard in Q1 2016 by malicious actors who targeted the business sector with web application attacks. That is among the findings in the State of the Internet Security Report for the first quarter of the year.

By Mike Kun, Manager, Akamai SIRT

Extortion attacks have risen since DD4BC kicked things off last year. DD4BC peaked in July and the Armada Collective took over after that, sending out emails threatening attacks unless the victim(s) made ransom payments in bitcoins.

The most recent round involved many ransom demand letters, but, as far as many observers can tell, very little follow-through.

Now we have Lizard Squad, or at least, someone claiming to be that group, spamming over 70 Akamai customers with identical ransom demands, all of which seemed to be copied from the Armada Collective emails.

Akamai Security Researcher Or Katz was recently published at InfoSecurity talking about how to defend against web application account takeovers with cloud security intelligence.

Community, Convenience, and the Claviger

One of the most common complaints on the Akamai Community is from people who are browsing the web from IP addresses that Akamai has seen performing malicious activity. Depending on the severity and number of these malicious activities, Akamai assigns the IP address a rating that predicts the likelihood that the IP will perform a malicious act in the future. These ratings come from our Client Reputation module, a module that is sold to Akamai Kona Site Defender customers.

Akamai's next "Girls Who Code" summer immersion program is still a couple of months away, but in the meantime I wanted to tell you about our involvement with another fantastic organization inspiring girls to pursue tech careers - the Girl Scouts.

#OpKillingBay Expands Attacks

By Bill Brenner, Akamai SIRT Senior Tech Writer

Operation Killing Bay, better known as #OpKillingBay on social media sites, is expanding. Historically, malicious attackers participating in OpKillingBay have targeted Japanese government websites and sites of companies participating in whale and dolphin hunting. These attackers often see themselves as protesters or activists, in addition to hackers, and refer to themselves as "hacktivists."

How Has Let's Encrypt Impacted Web Security?

When Let's Encrypt was founded at the end of 2014, it had a lofty goal: promote the use of TLS everywhere by making certificates free and server configuration painless. It was noted that for many web administrators, for both large and small sites, TLS was seen as expensive, difficult to configure, and slow. With that headwind, the return on investment was seen as too low to bother unless you were handling financial or other sensitive information. As it does, web security quickly evolved in the ensuing years. Firesheep, Snowden, and Google page ranking: these are just a few things that have changed how people think about the importance of encrypting everything online. And services like Let's Encrypt and Akamai deal with the problems head-on, reducing the pain of Internet security tremendously.