Akamai Security Intelligence & Threat Research

Or Katz

July 30, 2020 8:00 AM

Question Quiz - The Forgotten Scam

Overview: Over a year ago, Akamai's threat research team published research regarding a widely used phishing toolkit we referred to as the "Three Question Quiz". It's now time to review the evolution of the toolkit, the associated campaigns that we tracked in the wild, and the potential damage caused by those campaigns in the past year.

Amanda Fakhreddine

July 15, 2020 5:30 AM

State of the Internet / Security: Special Media Edit ...

This blog post was six months in the making. Sometimes you make plans. Sometimes those plans get pushed to the side, torn up, and thrown into the wind. That's what happened with this issue of our report.

Threat Research Team

June 4, 2020 9:00 AM

Stealthworker: Golang-based brute force malware stil ...

By: Larry Cashdollar. Malware that can target Windows and Linux systems was recently installed on my honeypot. After some investigation, I determined it to be similar to the malware discovered in February of 2019 by Malwarebytes, and later examined by Fortinet in October that same year. Written in Golang, the malware is called Stealthworker. Once a system is successfully infected, the attackers will use it to probe other targets in

Asaf Nadler

May 27, 2020 8:00 AM

Watch Your Step: The Prevalence of IDN Homograph Att ...

The internationalized domain name (IDN) homograph attack is used to form domain names that visually resemble legitimate domain names, albeit using a different set of characters [1]. For example, the IDN "xn--akmai-yqa.com", which appears in Unicode as "akámai.com", visually resembles the legitimate domain name "akamai.com". Attackers often apply IDN homograph attacks to form domain names that are used for malicious purposes, such as malware distribution [2] or phishing [3], while

Martin McKeay

May 19, 2020 7:02 AM

Contributing to the Verizon Data Breach Investigatio ...

I remember sitting down to "crack the cover" of the very first Verizon Data Breach Investigation Report (DBIR) a lifetime ago. I was the security manager of a small hosting company and the report was the first time I'd ever seen a real, data-driven effort to quantize breaches and the security problems we were facing daily. It was the first time we had real data, rather than theories, opinions

Larry Cashdollar

May 5, 2020 9:05 AM

SaltStack Vulnerabilities Actively Exploited in the ...

On April 29, 2020, the Salt management framework, authored by the IT automation company SaltStack, received a patch concerning two CVEs: CVE-2020-11651, an authentication bypass vulnerability, and CVE-2020-11652, a directory-traversal vulnerability.

Steve Ragan

May 5, 2020 8:00 AM

Credential Stuffing Attacks During the COVID-19 Pand ...

Since COVID-19 isolation protocols started in the United States in early March, bad actors have had a lot of time on their hands and a large pool of victims to target. Thousands of people, millions across the globe, suddenly found themselves working from home and away from many of the enterprise-grade protections that governed their day-to-day workflow.

Martin McKeay

April 29, 2020 8:00 AM

Parts of a Whole: Effect of COVID-19 on US Internet ...

Introduction: In our previous post, The Building Wave of Internet Traffic, we looked at the traffic patterns across Europe and the effect the COVID-19 pandemic has had. We examined traffic in Italy, Poland, and Spain, and demonstrated how we observed huge surges of traffic around the implementation of isolation protocols, which then reduced to more normal levels in the days after. Though, it's important to note this new level of

Or Katz

April 28, 2020 8:00 AM

Brazil Targeted by Phishing Scam Harnessing COVID-19 ...

Researchers at Akamai have identified a new phishing campaign targeting users in Brazil who are worried about their finances during the COVID-19 epidemic. Over two weeks, we identified that the three-question quiz campaign successfully targeted more than 850,000 victims, scamming them out of personal information, and in some cases, convincing them to install adware on their computers.