Akamai Diversity

Akamai Security Intelligence & Threat Research

Recently by Yohai Einav

Yohai Einav

July 25, 2017 8:01 PM

How to Survive a Post-Infection Apocalypse

Most security experts would agree that the best approach to cybersecurity is a layered one: protect your assets against a variety of attack vectors, with a variety of tactics and on different fronts; secure the endpoint, the network and the cloud; and guard your data in motion, at rest and in transit.

Yohai Einav

June 1, 2017 2:54 PM

Hoffmeister.br Amplification Attacker: Sparks Inside ...

Looking at the hoffmeister.be data (yes, our previously identified attacker fixed a typo in the TLD) and recent attempts at large-scale amplification attacks, I noticed a surprising absence of spoofed source addresses. My first thought was that the ISP forces the correct IP onto packets entering the network, but that is not common practice (illegal source address packets are dropped if you implement BCP38, SAVI and/or unicast RPF).
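The ingress-filtering check referred to above (BCP38 at the customer edge, implemented on routers as unicast RPF) is easy to show in a few lines. The following is an added example, not code from the original post: it runs a strict and a loose uRPF check over a constructed routing table and a handful of constructed packets, including the spoofed-source packets an amplification attacker would try to send. The interface names, prefixes and addresses are hypothetical.

```python
"""Ingress filtering (BCP38 / unicast RPF) over constructed packets.

Added illustration: the FIB, interface names and packets below are
hypothetical and constructed for this example.
"""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str      # source address as written in the IP header (may be spoofed)
    dst: str
    ingress: str  # interface the packet arrived on


# Constructed FIB: prefix -> interface the router would use to reach it.
# 198.18.0.0/15 stands in for routes learned from the transit provider.
FIB = {
    "203.0.113.0/24": "cust-a",
    "198.51.100.0/24": "cust-b",
    "192.0.2.0/24": "cust-c",
    "198.18.0.0/15": "upstream",
}


def best_route(fib, ip):
    """Longest-prefix match for ip; returns (network, interface) or None."""
    addr = ipaddress.ip_address(ip)
    best = None
    for prefix, iface in fib.items():
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return best


def strict_urpf(fib, pkt):
    """Strict uRPF (the BCP38 check on a customer-facing interface): accept
    only if the route back to the claimed source leaves via the interface
    the packet arrived on."""
    route = best_route(fib, pkt.src)
    return route is not None and route[1] == pkt.ingress


def loose_urpf(fib, pkt):
    """Loose uRPF: accept if the claimed source is reachable by any route.
    Drops bogons, but not a spoofed address that exists in the table."""
    return best_route(fib, pkt.src) is not None


def filter_packets(fib, packets, check):
    """Return the source addresses of the packets that `check` accepts."""
    return [p.src for p in packets if check(fib, p)]


# Constructed traffic; 192.0.2.53 plays the role of an open resolver being
# used as an amplifier.
PACKETS = [
    Packet("203.0.113.5", "192.0.2.53", "cust-a"),    # legitimate: src is cust-a's own
    Packet("198.51.100.7", "192.0.2.53", "cust-a"),   # spoofed: cust-b's address from cust-a
    Packet("10.9.9.9", "192.0.2.53", "cust-a"),       # spoofed bogon: no route at all
    Packet("203.0.113.9", "192.0.2.53", "upstream"),  # our own prefix arriving from outside
    Packet("198.18.0.1", "192.0.2.53", "upstream"),   # ordinary inbound traffic
]


if __name__ == "__main__":
    for name, check in (("strict", strict_urpf), ("loose", loose_urpf)):
        print(name, "accepts:", filter_packets(FIB, PACKETS, check))
```

Strict mode passes only the first and last packets; loose mode additionally lets through the two spoofed packets whose forged sources happen to be routable, which is why loose uRPF alone does not stop reflection attacks that spoof a real victim's address.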

Yohai Einav

May 15, 2017 12:03 PM

WannaCry: views from the DNS frontline

As the investigation of the WannaCry ransomware keeps evolving, more evidence is revealed and more theories are suggested. While analyzing the DNS and HTTP traffic of domains and clients involved in WannaCry we made several useful discoveries, which may shed some additional light on this cybercrime.

Yohai Einav

May 11, 2017 2:46 PM

The (DDoS) Attack on French Media

A recent DDoS attack against Cedexis, a French service provider, caused many prominent French newspapers, including Le Monde, Le Figaro, L'Equipe and Le Nouvel Observateur, all hosted on the Cedexis network, to briefly shut down yesterday, May 10. Other web services built on the Cedexis network have been affected as well.

Yohai Einav

May 9, 2017 3:41 PM

The Comings and Goings (and Comings) of Locky

Ransomware is grabbing a lot of headlines lately given the increasing frequency with which these attacks occur. One prominent form of this advanced cyberthreat is Locky, which we first wrote about almost one year ago. After our initial blog post we saw Locky mostly disappear - at least momentarily. It then came back about three weeks later, but given our broad view of DNS queries from communications service provider (CSP)