Akamai Diversity

Akamai Security Intelligence & Threat Research

July 2019 Archives

Amanda Fakhreddine

Amanda Fakhreddine

July 31, 2019 5:00 AM

State of the Internet/ Security Volume 5, Issue 4 - ...

The cliché "follow the money" is exactly what criminals do when targeting the financial services vertical. In the State of the Internet/ Security, Volume 5, Issue 4, we take a deeper dive into how credential stuffing and web attacks are impacting one of the world's most powerful industries.

Larry Cashdollar

Larry Cashdollar

July 29, 2019 7:00 AM

Criminals using targeted Remote File Inclusion attac ...

In June 2019, logs on my personal website recorded markers that were clearly Remote File Inclusion (RFI) vulnerability attempts. The investigation into the attempts uncovered a campaign of targeted RFI attacks that currently are being leveraged to deploy phishing kits. The latest kit focuses on a large and well-known bank in the EU.

Asaf Nadler

Asaf Nadler

July 16, 2019 8:00 AM

Adversarial DGA - Is It Out There?

The Caveats of Inline DGA Mitigation Domain generation algorithms (DGAs) are often implemented by botnets to produce a large number of domain names that bots will use to communicate with their command and control (C2) servers. Accordingly, identifying algorithmically generated domains (AGD) in network traffic is a key aspect for analyzing, detecting and possibly mitigating botnet behavior. There are three main approaches for identifying AGDs: (1) predictive mitigation, (2) offline

Lior Lahav

Lior Lahav

July 11, 2019 8:00 AM

Pykspa v2 DGA updated to become selective

Additional research and information provided by Asaf Nadler Recent changes to the Pykspa v2 domain generation algorithm (DGA) have made it more selective. Akamai researchers have tracked these changes and believe that part of the reason for selective domain generation is to enable attackers to keep a smaller footprint online, and remain undetected for longer periods. However, it is still possible to brute-force the DGA and track the domains. In

Chad Seaman

Chad Seaman

July 2, 2019 8:00 AM

Anatomy of a SYN-ACK attack

Overview In recent weeks, a series of DDoS attacks were directed at multiple financial institutions. The attacks utilized a seldom seen reflection vector known as TCP SYN-ACK reflection. SYN-ACK reflection isn't new, but it's rarely observed due mostly to its lack of popularity among attackers and impact on the victim. The observed attacks sparked conversations both publicly and privately amongst several organizations, including Akamai. In this write-up, we're going to