Akamai Diversity

Akamai Security Intelligence
& Threat Research

October 2020 Archives

Or Katz

Or Katz

October 30, 2020 5:00 AM

Phishing JavaScript Obfuscation Techniques Soars

In our previous blogs, first where we explained JavaScript Obfuscation techniques and introduced a detailed overview on how JavaScript is being used to obfuscate page content to make phishing attacks and other web scams as evasive as possible; followed by one where we took a deep dive to examine double JavaScript obfuscation techniques, presenting a tale of an obfuscated scam seen in the wild and showing how the same phishing

Steve Ragan

Steve Ragan

October 29, 2020 9:00 AM

A Discussion: Imposter Syndrome & Paths Into InfoSec

In this week's episode, Martin and Steve talk about imposter syndrome and various paths into InfoSec, as well as how they got their careers started. Everyone's path is unique, and this episode explores that aspect with some recent examples including interviews published by SC Magazine with Lesley Carhart, and Wired who spoke with Maddie Stone - two exceptional examples of security professionals working in the field today.

Guest Blogger

Guest Blogger

October 29, 2020 8:00 AM

Exploring the IoT Afterlife

By, Eric Kobrin Not only is October National Cyber Security Awareness Month (NCSAM), but it also contains one of my favorite holidays: Halloween. In the spirit of NCSAM and Halloween, let's talk about Internet of Things (IoT) devices wreaking havoc from beyond the grave.

Or Katz

Or Katz

October 28, 2020 5:00 AM

The Tale of Double JavaScript Obfuscated Scam

Overview The phishing landscape is constantly evolving. Over the years, it has evolved into a more scalable threat, with an overwhelming amount of campaigns being launched daily. Phishing also changed when criminals started adding more capabilities and features to their toolkits, which make the phishing websites long lived and difficult to detect.

Evyatar Saias

Evyatar Saias

October 27, 2020 7:31 AM

Tales From The Pot: Solr powered Kinsing

Additional research and support provided by Chad Seaman. Introduction Akamai SIRT has been working on the development, and deployment, of custom multipurpose honeypots that attempt to mimic a wide array of services and devices. One of these honeypots shows the inner workings of an active exploitation campaign targeting Apache Solr (Solr). The campaign had a noticeable effect on targeting and exploitation attempts for two CVEs impacting Solr servers. This post

Or Katz

Or Katz

October 26, 2020 5:00 AM

Catch Me if You Can - JavaScript Obfuscation

While conducting threat research on phishing evasion techniques, Akamai came across threat actors using obfuscation and encryption, making the malicious page harder to detect. The criminals were using JavaScript to pull this off.

Steve Ragan

Steve Ragan

October 22, 2020 8:00 AM

Passwords: A Discussion

This week, join Martin and myself for a conversation around passwords, which is the theme for this week of National Cyber Security Awareness Month.

Amanda Fakhreddine

Amanda Fakhreddine

October 21, 2020 5:00 AM

State of the Internet/Security: Loyalty For Sale

Criminals aren't afraid to use our loyalty against us. As we've said in previous reports, password reuse is a significant problem in all industries. This latest edition of the State of the Internet/ Security report dives deep into how loyalty programs are targeted and exploited in the retail & hospitality industries.

Hieu Vuong

Hieu Vuong

October 20, 2020 8:00 AM

COVID-19 Related Phishing: A Personal Viewpoint

Dealing with unforeseen challenges around the COVID-19 pandemic has impacted people around the world. The overwhelming amount of news coverage for the coronavirus has created new opportunities for scammers and resulted in millions of phishing attempts as confusion and misinformation have allowed threat actors to take advantage of vulnerable people, concerned for their health.

Tom Emmons

Tom Emmons

October 16, 2020 5:00 AM

DDoS Extortion Examination

In terms of the Distributed Denial of Service (DDoS) landscape, 2020 was almost boring prior to the beginning of August. The excitement from the record peak Gbps and Mpps seen in early summer had worn off, and we weren't seeing a ton of interesting attacks

Steve Ragan

Steve Ragan

October 15, 2020 8:00 AM

A Discussion with Amanda Berlin, CEO of Mental Healt ...

Steve Ragan and Martin McKeay sit down with Amanda Berlin, the CEO of Mental Health hackers to discuss her previous guest essay in the State of the Internet / Security report, and where her organization is today. In addition, the discussion also explores ways to improve mental health, and its impact on security overall.

Akamai InfoSec

Akamai InfoSec

October 13, 2020 8:24 AM

Protecting Your Home, 3 Steps at a Time!

written by, Nicholas Caron Securing your devices in this era of connected everything can quickly mount to an insurmountable quagmire. You, the impromptu system administrator, are thrust into an anxiety-inducing position of learning of endless new threats to your home devices, all while trying to please your increasingly annoyed housemate, who would just like to add their WiFi enabled blender to the network. The deeper you dive, the more confusing

Steve Ragan

Steve Ragan

October 8, 2020 8:00 AM

Don't Blame The User: A Discussion

Today's post is something different. For National Cyber Security Awareness Month (NCSAM), Steve Ragan, Martin McKeay, and Andy Ellis sat down for a casual conversation about not blaming users, problems with IOT, and some previously undiscussed tips for staying secure while working from home.

Akamai InfoSec

Akamai InfoSec

October 6, 2020 11:00 AM

The Talk: Keeping my parental units safe

Dear Favorite Parental Unit, What will it take to convince you? You helped me through homework for years. You taught me right from wrong. You reinforced good habits. It's my turn to return the favor. It's time to turn the tables, and make the computer work for you. It's time to talk about passwords and the internet.

Larry Cashdollar

Larry Cashdollar

October 1, 2020 8:00 AM

Music to Hack To: My First CVE and 20 Years of Vulne ...

October is National Cyber Security Awareness Month (NCSAM). I've been doing security and vulnerability research since 1994, and a lot has changed in the industry. For this post, in honor of NCSAM, I'm going to revisit my first CVE (Common Vulnerabilities and Exposures), and offer some general observations and stories from the past.