Get In Touch
While examining my honeypot logs and digging through the newly downloaded binaries last week, I noticed a large compressed file. I figured it would be a crypto miner, typically a tar archive and gzip (normally erroneously) compressed. I moved the archive over to my test lab and started examining the contents.
It's that time again -- the launch of the second State of the Internet / Security report of 2021. While Akamai has access to some of the largest security data sets in the world, our viewpoint is limited to the traffic that traverses our networks and is seen by our tools.
Introduction By the time you read this post, the 2021 Verizon Data Breach Investigation Report (DBIR) will be published. Akamai has been one of the many partners contributing data to this report for more than half a decade. We greatly value the time, effort, and dedicated data science that goes into providing this level of research to the security community. On a personal level, my excitement about this report may
Tax scams are some of the oldest scams in a criminal's book, and they're highly attractive to criminals for many reasons. The most obvious reason is the potential financial gain of a successful scam. Successful scams can lead to the compromise of sensitive information, resulting in identity theft or fraudulent activity.
Criminals love tax season. The stress and urgency surrounding this time of year makes the victim pool highly vulnerable to various types of schemes. In addition to phishing, tax season is also the time of year when criminals focus their efforts towards other types of attacks including Local File Inclusion (LFI), SQL Injection (SQLi), and credential stuffing.
By Samuel Erb & Phil Bertuglia At Akamai, the Enterprise Security Red Team (ESRT) continuously strives to evaluate the security of both our external and internal services. We look at the security of the services we build and purchase for security vulnerabilities that could negatively impact our business and our customers. During a scheduled sorti, the ESRT investigated how to pivot access from a local package management system used to
Executive Summary Recent attacks against Akamai customers have leveraged a networking protocol known as protocol 33, or Datagram Congestion Control Protocol (DCCP). These attacks prompted the Akamai SIRT team to look into the protocol further and offer insights and mitigation strategies for network defenders.
There are many crypto mining malware variants infecting systems on the internet. On Friday, March 4, 2021, I noticed an interesting hit in my honeypot logs. The binary it captured stood out, as it was rather large at 4MB. I immediately thought it would be a crypto miner written in the Go language. I was correct. This one however, has some newer exploits it's using for proliferation.
Last year, the SOTI team pledged to evolve. We had no idea that the evolution before us would require such dramatic changes to how we both live and work. In truth, 2020 was a roller coaster with dramatic ups and downs, encompassing stress, fear, and uncertainty. Even as 2021 unfolds, COVID-19 is still impacting our day-to-day lives at work and at home.