
Akamai Security Intelligence & Threat Research

Asaf Nadler


July 16, 2019 8:00 AM

Adversarial DGA - Is It Out There?

The Caveats of Inline DGA Mitigation: Domain generation algorithms (DGAs) are often implemented by botnets to produce a large number of domain names that bots will use to communicate with their command and control (C2) servers. Accordingly, identifying algorithmically generated domains (AGD) in network traffic is a key aspect for analyzing, detecting and possibly mitigating botnet behavior. There are three main approaches for identifying AGDs: (1) predictive mitigation, (2) offline

Lior Lahav


July 11, 2019 8:00 AM

Pykspa v2 DGA updated to become selective

Additional research and information provided by Asaf Nadler. Recent changes to the Pykspa v2 domain generation algorithm (DGA) have made it more selective. Akamai researchers have tracked these changes and believe that part of the reason for selective domain generation is to enable attackers to keep a smaller footprint online, and remain undetected for longer periods. However, it is still possible to brute-force the DGA and track the domains. In

Chad Seaman


July 2, 2019 8:00 AM

Anatomy of a SYN-ACK attack

Overview: In recent weeks, a series of DDoS attacks were directed at multiple financial institutions. The attacks utilized a seldom seen reflection vector known as TCP SYN-ACK reflection. SYN-ACK reflection isn't new, but it's rarely observed due mostly to its lack of popularity among attackers and impact on the victim. The observed attacks sparked conversations both publicly and privately amongst several organizations, including Akamai. In this write-up, we're going to

Larry Cashdollar


June 26, 2019 2:14 PM

SIRT Advisory: Silexbot bricking systems with known ...

On June 25th, I discovered a new bot named Silexbot on my honeypot. The bot itself is a blunt tool used to destroy IoT devices. Its author, someone who claims to be a 14-year-old boy from Europe, has made his intentions clear with some very distinct text embedded in the code.

Or Katz


June 18, 2019 8:00 AM

Analytics - Tracking a Phishing Campaign

Earlier this year, Akamai discovered a publicly available plug-in that is being used to collect analytics and various stats on a number of phishing campaigns. Using our own data, we were able to correlate the analytics and view the IP addresses of the victims, since the phishing campaigns were directing victims to one of our customers.

Akamai InfoSec


June 17, 2019 10:00 AM

CloudTest Vulnerability (CVE-2019-11011)

On March 3, 2019, Rio Sherri from MDSec discovered, and responsibly disclosed, an unauthenticated remote command execution (RCE) vulnerability in CloudTest that affects all versions prior to 58.30. This vulnerability has been assigned CVE-2019-11011. The discovered vulnerability existed due to an unsafe Java deserialization between certain parameters. After extensive testing, Akamai released a patch on March 7, 2019 and made it available to all CloudTest customers.

Larry Cashdollar


June 13, 2019 11:17 AM

Latest ECHOBOT: 26 Infection Vectors

Introduction: Since the release of the Mirai source code in October of 2016, there have been hundreds of variants. While publishing my own research, I noticed that Palo Alto Networks was also examining similar samples, and published their findings. Earlier this month, not too long after Palo Alto Networks published their report, I discovered a newer version of Echobot that uses 26 different exploits for its infection vectors. In some

Or Katz


June 12, 2019 6:00 PM

Catch Me If You Can: Evasive and Defensive Technique ...

Phishing is a multifaceted type of attack, aimed at collecting usernames and passwords, personal information, or sometimes both. Yet, these attacks only work so long as the phishing kit itself remains hidden. Phishing is a numbers game and time is a factor. The longer a phishing kit can remain active and undetected, the longer the scam can run. The longer the scam runs, the number of victims only increases.

Or Katz


June 12, 2019 6:00 PM

Phishing Factories and Economies

Every day Akamai sees thousands of new phishing pages. Over the last few months one kit, and the pattern it represents, has stood out to our researchers. In today's post, we're going to explore this kit, how it came to be, and what its existence means to the public. Since December, Akamai has tracked the development and deployment of different phishing kits. Some of them are using an almost factory-like