Akamai Diversity

Akamai Security Intelligence & Threat Research

Martin McKeay

Martin McKeay

November 5, 2018 3:43 PM

What were the DDoS numbers for Q2 & Q3 2018?

We heard your feedback. First of all, the numbers that everyone is most interested in: There were 2,057 DDoS attacks in the Q1 of 2018, 1839 attacks in Q2 and 2,367 attacks in Q3, for a total of 6,263 DDoS attacks as of September 30th, 2018. Now that's out of the way, the next most important thing to acknowledge is about our reporting period. In the last State of the

Larry Cashdollar

Larry Cashdollar

October 30, 2018 9:00 AM

An Update on the jQuery-File-Upload Vulnerability

In the days following the original post concerning my disclosure of the flaw in jQuery-File-Upload (CVE-2018-9206), many people reached to me with a number of questions on various related topics. I think a blog post is the best way to answer many of them, along with explaining ongoing efforts to identify and patch vulnerable jQuery instances in the wild.

Larry Cashdollar

Larry Cashdollar

October 18, 2018 10:45 AM

Having The Security Rug Pulled Out From Under You

I attended the Messaging, Malware and Mobile Anti-Abuse Working Group (m3aawg.org) meeting in Brooklyn, NY. I expected better weather to wander around the city while enjoying the conference and the neighborhood's wide selection of food. I had been so confident of clear skies that I did not bring a rain jacket. It rained most of the week. This left me somewhat stranded in my hotel room with free Wifi service

Larry Cashdollar

Larry Cashdollar

October 12, 2018 8:14 AM

An Examination of a Phishing Kit Dubbed Luis

There have been plenty of articles describing the structure of phishing emails, and how to spot them. However, less explored, are phishing websites - what they are, how they are used, and how users can protect themselves. We'll take a deep dive into a particular phishing website and the methods used in the author's attempt to avoid detection. While reading through my Twitter feed, I noticed a tweet from @WifiRumHam

Ryan Barnett

Ryan Barnett

October 11, 2018 7:33 AM

Security Response Headers: What They Are, Why You Sh ...

Security response headers are a critical security capability that all organizations should consider. This blog post is the first in a series that will discuss different security headers and go in-depth with how to configure them for maximum benefit. For cyber criminals, attacking a web application directly is not the only option available. They also have the ability target other users of the system in order to steal their information,

Daniel Abeles

Daniel Abeles

October 8, 2018 10:39 AM

Capturing the HackerOne Flag

by Daniel Abeles & Shay Shavit HackerOne is a bug bounty platform that allows hackers around the world to participate in bug bounty campaigns, initiated by HackerOne's customers. Recently, HackerOne announced they would be hosting a special live hacking event in Buenos Aires along side a week long security conference, Ekoparty 14. In order to participate the special event, you either have to be a top ranked hacker on their

Martin McKeay

Martin McKeay

September 19, 2018 5:43 AM

State of the Internet Security - Credential Stuffing

Credential stuffing, and the botnets behind this activity, is the primary focus of the State of the Internet Security Report, Issue 4, 2018. Credential stuffing, the use of botnets to try to login to a site with stolen or randomly created login information, isn't a new phenomenon, but it is one that is having a growing impact, especially on financial services organizations. Our latest report takes a deeper look at

Akamai SIRT Alerts

Akamai SIRT Alerts

September 14, 2018 7:44 AM

Root KSK Roll: Replacing the Root of Trust for the D ...

By Tim April -------- Update (Sept. 17, 2018): On Sunday, September 16th, the ICANN Board adopted a resolution instructing the ICANN Organization to continue the Root KSK Roll as planned, switching the Root KSK at 1600 UTC on October 11, 2018. --------- On October 11, 2018 -- for the first time ever -- the Root Key Signing Key (Root KSK), that is the single root of trust used to verify

Ryan Barnett

Ryan Barnett

September 11, 2018 11:48 AM

New Tsunami/Kaiten Variant: Propagation Status

Ryan Barnett, Principal Security Researcher, Akamai Moshe Zioni, Director of Threat Research, Akamai Recent news reports have highlighted the latest evolution of the Mirai botnet code, which is itself an evolution of the Kaiten botnet. The botnet developers have leveraged features from an open-source project, called Aboriginal Linux, that results in a cross platform compiled binary. Needless to say, this greatly increases the success rates of spreading the Mirai malware