Akamai Diversity

Akamai Security Intelligence
& Threat Research

Steve Ragan

Steve Ragan

April 6, 2021 8:00 AM

Tax Season: Criminals Play the Numbers Game Too

Criminals love tax season. The stress and urgency surrounding this time of year makes the victim pool highly vulnerable to various types of schemes. In addition to phishing, tax season is also the time of year when criminals focus their efforts towards other types of attacks including Local File Inclusion (LFI), SQL Injection (SQLi), and credential stuffing.

Samuel Erb

Samuel Erb

March 26, 2021 8:00 AM

CVE-2020-15915 -- Quest for KACE blind SQLi

By Samuel Erb & Phil Bertuglia At Akamai, the Enterprise Security Red Team (ESRT) continuously strives to evaluate the security of both our external and internal services. We look at the security of the services we build and purchase for security vulnerabilities that could negatively impact our business and our customers. During a scheduled sorti, the ESRT investigated how to pivot access from a local package management system used to

Chad Seaman

Chad Seaman

March 23, 2021 8:00 AM

Threat Advisory - DCCP for (D)DoS

Executive Summary Recent attacks against Akamai customers have leveraged a networking protocol known as protocol 33, or Datagram Congestion Control Protocol (DCCP). These attacks prompted the Akamai SIRT team to look into the protocol further and offer insights and mitigation strategies for network defenders.

Larry Cashdollar

Larry Cashdollar

March 16, 2021 8:00 AM

Another Golang Crypto Miner On The Loose

There are many crypto mining malware variants infecting systems on the internet. On Friday, March 4, 2021, I noticed an interesting hit in my honeypot logs. The binary it captured stood out, as it was rather large at 4MB. I immediately thought it would be a crypto miner written in the Go language. I was correct. This one however, has some newer exploits it's using for proliferation.

Amanda Fakhreddine

Amanda Fakhreddine

March 10, 2021 6:00 AM

Now Launching - SOTI: Research

Last year, the SOTI team pledged to evolve. We had no idea that the evolution before us would require such dramatic changes to how we both live and work. In truth, 2020 was a roller coaster with dramatic ups and downs, encompassing stress, fear, and uncertainty. Even as 2021 unfolds, COVID-19 is still impacting our day-to-day lives at work and at home.

Guest Blogger

Guest Blogger

March 9, 2021 9:00 AM

Sensor Architecture Can Help Keep Us Up and Running: ...

By Kristin Nelson-Patel Previously, I introduced the field of sensor systems architecture and posed a real world example scenario of the unnecessary resource costs and hazards that can happen when the deployment of sensors isn't carefully thought out.

Guest Blogger

Guest Blogger

March 4, 2021 12:00 PM

Sensor Architecture Can Help Keep Us Up and Running: ...

By Kristin Nelson-Patel In the constant press of rolling out ever better products and services to our customers, it can be easy-- and often necessary-- to fall into a reactive mode around reliability. When our systems break, we have an incident process that pulls people together to figure out the problem, and fix, it as quickly as possible. That process works well and is necessary and important for particularly complex

Guest Blogger

Guest Blogger

March 1, 2021 9:00 AM

Better, or more effective?

By Fadi Saba A colleague asked me to share my thoughts on building a "better team". I confess, I stumbled on the word "better". Better than what exactly? Sure, in the essence of kaizen (a Japanese term encapsulating the idea of continuous improvement), a team can always be better. But I find it more valuable to think about a team as being "effective".

Kathryn Kun

Kathryn Kun

February 25, 2021 9:00 AM

OPTIMIZING FOR PERFORMANCE, ONE HIRE AT A TIME: PART ...

Having previously decided we need to make a new hire onto our team, part 1 of this series examined how to meet the needs of our team going into the future, instead of just adding surface visible technical skills. In part 2, we designed and built an interviewing sensor platform to identify the best candidates from our pool for our needs. In this final piece, we're looking at a particular