Akamai Security Intelligence & Threat Research

Larry Cashdollar

November 18, 2019 9:00 AM

Update to x86 XMR Crypto Mining Blog Post

Back in August, I wrote an article about XMR crypto mining software targeting x86/I686 systems. This is a follow-up to that original malware analysis. Previously, I discussed an attacker who, using known default login credentials, targets enterprise systems to mine the XMR cryptocurrency.

Akamai SIRT Alerts

November 15, 2019 5:15 PM

Fake Cozy Bear Group Making DDoS Extortion Demands

A group calling themselves "Cozy Bear" has been emailing various companies with an extortion letter, demanding payment and threatening targeted DDoS attacks if their demands are not met.

Tomer Shlomo

November 6, 2019 9:00 AM

Phishing detection via analytic networks

As mentioned in previous Akamai blogs, phishing is an ecosystem of mostly framework developers and buyers who purchase kits to harvest credentials and other sensitive information. Like many framework developers, those focusing on phishing kits want to create an efficient attack flow on their framework, from opening an email or clicking a link on a social media post, to visiting the phishing website, to completing the attack by sharing information,

Amanda Fakhreddine

October 30, 2019 5:00 AM

State of the Internet Security: Phishing - Baiting t ...

This Halloween, the scariest thing you might encounter could be lurking on the device you're reading this on.

Larry Cashdollar

October 21, 2019 8:00 AM

A Cryptomining SSH Worm

Recently, I noticed an interesting cryptomining script in my honeypot. It had all the usual checks for CPU and architecture type before downloading a binary. It even had the usual step of killing any processes that might be other cryptominers. However, what caught my eye was a one-line shell script that searched through .ssh/known_hosts and .ssh/id_pub.pub keys, in an attempt to infect other systems that might share SSH keys with the infected

Larry Cashdollar

October 7, 2019 8:00 AM

Drupalgeddon2 still used in attack campaigns

While examining Akamai's network attack logs, I noticed an attack campaign leveraging Drupalgeddon2. Drupalgeddon2 is an unauthenticated remote code execution vulnerability (CVE-2018-7600) in the Drupal CMS platform that was patched in March 2018.

Jonathan Respeto

September 18, 2019 8:00 AM

New DDoS Vector Observed in the Wild: WSD attacks hi ...

Additional research and support provided by Chad Seaman.

Introduction

Members of Akamai's Security Intelligence Response Team have been investigating a new DDoS vector that leverages a UDP amplification technique known as WS-Discovery (WSD). The situation surrounding WSD was recently made public, but multiple threat actors have begun to leverage this DDoS method to ramp up their attacks. While conducting exploratory research prior to WSD becoming public, the Akamai SIRT gained

Amanda Fakhreddine

September 12, 2019 5:00 AM

State of The Internet / Security: Media Under Attack ...

From January 2018 through June 2019, Akamai recorded more than 61 billion credential stuffing attempts and more than 4 billion web application attacks. Today, we're releasing a special edition of the State of the Internet / Security report that focuses on data within the high tech, video media, and entertainment sectors -- collectively named Media & Technology.

Larry Cashdollar

August 30, 2019 5:30 PM

XMR Cryptomining Targeting x86/i686 Systems

I have been paying close attention to Internet of Things (IoT) malware targeting systems with Telnet enabled, while also collecting samples targeting systems with SSH enabled on port 22. I've collected over 650 samples landing in my honeypot within the last week. The earliest sample showed up on July 24th at 20:06. The honeypot allows logins using known default login credentials for root.