Akamai Diversity

Akamai Security Intelligence & Threat Research

Jonathan Respeto

Jonathan Respeto

September 18, 2019 8:00 AM

New DDoS Vector Observed in the Wild: WSD attacks hi ...

Additional research and support provided by Chad Seaman. Introduction Members of Akamai's Security Intelligence Response Team have been investigating a new DDoS vector that leverages a UDP Amplification technique known as WS-Discovery (WSD). The situation surrounding WSD was recently made public, but multiple threat actors have begun to leverage this DDoS method to ramp up their attacks. While conducting exploratory research prior to WSD becoming public, the Akamai SIRT gained

Amanda Fakhreddine

Amanda Fakhreddine

September 12, 2019 5:00 AM

State of The Internet / Security: Media Under Attack ...

From January 2018 through June 2019, Akamai recorded more than 61 billion credential stuffing attempts and more than 4 billion web application attacks. Today, we're releasing a special edition of the State of the Internet/ Security report that focuses on data within the high tech, video media, and entertainment sectors -- collectively named Media & Technology.

Larry Cashdollar

Larry Cashdollar

August 30, 2019 5:30 PM

XMR Cryptomining Targeting x86/i686 Systems

I have been playing close attention to Internet of Things (IoT) malware targeting systems with Telnet enabled, while also collecting samples targeting systems with SSH enabled on port 22. I've collected over 650 samples landing in my honeypot within the last week. The earliest sample showed up on July 24th at 20:06. The honeypot allows logins using known default login credentials for root.

Akamai

Akamai

August 13, 2019 12:14 PM

HTTP2 Vulnerabilities

On Tuesday, August 13th at 10 AM Pacific Time (1700UTC), Netflix publicly disclosed a series of vulnerabilities found by Jonathan Looney that impact many implementations of the HTTP2 protocol. A vulnerability found by Piotr Sikora of Google was also released at the same time. Akamai is grateful to the reporters for their work and pre-release coordination.

Or Katz

Or Katz

August 5, 2019 6:16 AM

Summer Phishing Scams Targeting Vacation Hotspots

As phishing websites become more advanced, by using rich functionality and customized workflows, evidence indicates that web analytics plugins are being commonly used in phishing kits. This enables threat actors to have stronger visibility into victim profiles and their behavior once they have landed on the scam website. This, in turn, can lead to future optimizations of the phishing kit and scam's distribution.

Amanda Fakhreddine

Amanda Fakhreddine

July 31, 2019 5:00 AM

State of the Internet/ Security Volume 5, Issue 4 - ...

The cliché "follow the money" is exactly what criminals do when targeting the financial services vertical. In the State of the Internet/ Security, Volume 5, Issue 4, we take a deeper dive into how credential stuffing and web attacks are impacting one of the world's most powerful industries.

Larry Cashdollar

Larry Cashdollar

July 29, 2019 7:00 AM

Criminals using targeted Remote File Inclusion attac ...

In June 2019, logs on my personal website recorded markers that were clearly Remote File Inclusion (RFI) vulnerability attempts. The investigation into the attempts uncovered a campaign of targeted RFI attacks that currently are being leveraged to deploy phishing kits. The latest kit focuses on a large and well-known bank in the EU.

Asaf Nadler

Asaf Nadler

July 16, 2019 8:00 AM

Adversarial DGA - Is It Out There?

The Caveats of Inline DGA Mitigation Domain generation algorithms (DGAs) are often implemented by botnets to produce a large number of domain names that bots will use to communicate with their command and control (C2) servers. Accordingly, identifying algorithmically generated domains (AGD) in network traffic is a key aspect for analyzing, detecting and possibly mitigating botnet behavior. There are three main approaches for identifying AGDs: (1) predictive mitigation, (2) offline

Lior Lahav

Lior Lahav

July 11, 2019 8:00 AM

Pykspa v2 DGA updated to become selective

Additional research and information provided by Asaf Nadler Recent changes to the Pykspa v2 domain generation algorithm (DGA) have made it more selective. Akamai researchers have tracked these changes and believe that part of the reason for selective domain generation is to enable attackers to keep a smaller footprint online, and remain undetected for longer periods. However, it is still possible to brute-force the DGA and track the domains. In