Akamai Diversity

Akamai Security Intelligence
& Threat Research

Recently by Or Katz

Or Katz

Or Katz

December 8, 2020 9:00 AM

Phishing Summary 2020 - Trends and Highlights

2020 was a challenging year for many of us, as the COVID-19 pandemic disrupted life and introduced challenges in almost all elements of living. 2020 was also challenging from a cybersecurity point of view, as nearly the entire workforce moved to remote working and enterprise boundaries were never so vague, which introduced complexities on that end. As this year comes to an end, it's time to look back and highlight

Or Katz

Or Katz

October 30, 2020 5:00 AM

Phishing JavaScript Obfuscation Techniques Soars

In our previous blogs, first where we explained JavaScript Obfuscation techniques and introduced a detailed overview on how JavaScript is being used to obfuscate page content to make phishing attacks and other web scams as evasive as possible; followed by one where we took a deep dive to examine double JavaScript obfuscation techniques, presenting a tale of an obfuscated scam seen in the wild and showing how the same phishing

Or Katz

Or Katz

October 28, 2020 5:00 AM

The Tale of Double JavaScript Obfuscated Scam

Overview The phishing landscape is constantly evolving. Over the years, it has evolved into a more scalable threat, with an overwhelming amount of campaigns being launched daily. Phishing also changed when criminals started adding more capabilities and features to their toolkits, which make the phishing websites long lived and difficult to detect.

Or Katz

Or Katz

October 26, 2020 5:00 AM

Catch Me if You Can - JavaScript Obfuscation

While conducting threat research on phishing evasion techniques, Akamai came across threat actors using obfuscation and encryption, making the malicious page harder to detect. The criminals were using JavaScript to pull this off.

Or Katz

Or Katz

July 30, 2020 8:00 AM

Question Quiz - The Forgotten Scam

Overview Over a year ago, Akamai's threat research team published research regarding a widely-used phishing toolkit we referred to as the "Three Question Quiz". It's now time to review the evolution of the toolkit, the associated campaigns that we tracked in the wild, and the potential damage caused by those campaigns in the past year.

Or Katz

Or Katz

April 28, 2020 8:00 AM

Brazil Targeted by Phishing Scam Harnessing COVID-19 ...

Researchers at Akamai have identified a new phishing campaign targeting users in Brazil who are worried about their finances during the COVID-19 epidemic. Over two weeks, we identified that the three-question quiz campaign successfully targeted more than 850,000 victims, scamming them out of personal information, and in some cases, convincing them to install Adware on their computer.

Or Katz

Or Katz

April 2, 2020 8:00 AM

Threat Actors Recycling Phishing Kits in New Coronav ...

Recently, researchers at Akamai observed phishing attacks leveraging recycled kits in a series of campaigns taking advantage of the Coronavirus (COVID-19) health crisis. Phishing kits that have been previously deployed over the last several months are now being used again in order to reach a new pool of potential victims: those working from home due to self-isolation, mandated quarantine, or corporate policy during the pandemic.

Or Katz

Or Katz

March 10, 2020 8:00 AM

Phishing Victims From a CDN's Point of View

Overview Being a Content Delivery Network (CDN) platform, sometimes you can see fractions of attacks on the wire. In this blog, we will focus on phishing websites that, while not being delivered by the Akamai platform, are referring to or redirecting victims to pages that are on Akamai's platform.

Or Katz

Or Katz

December 17, 2019 9:00 AM

Access and Threat Insights: Thanksgiving

Overview Thanksgiving in the United States is considered by many to mark a good time of year to gain insight into enterprise access and threats. From an enterprise point of view, Thanksgiving is when many American users will be on vacation, but may still working from home, in some capacity. It's interesting to see users' access patterns as they pertain to enterprise applications, such as email or other SaaS platforms,