Akamai Security Intelligence & Threat ResearchSubscribe
State of the Internet Security - Credential Stuffing
Credential stuffing, and the botnets behind this activity, is the primary focus of the State of the Internet Security Report, Issue 4, 2018. Credential stuffing, the use of botnets to try to login to a site with stolen or randomly created login information, isn't a new phenomenon, but it is one that is having a growing impact, especially on financial services organizations. Our latest report takes a deeper look at
Root KSK Roll: Replacing the Root of Trust for the D ...
By Tim April -------- Update (Sept. 17, 2018): On Sunday, September 16th, the ICANN Board adopted a resolution instructing the ICANN Organization to continue the Root KSK Roll as planned, switching the Root KSK at 1600 UTC on October 11, 2018. --------- On October 11, 2018 -- for the first time ever -- the Root Key Signing Key (Root KSK), that is the single root of trust used to verify
New Tsunami/Kaiten Variant: Propagation Status
Ryan Barnett, Principal Security Researcher, Akamai Moshe Zioni, Director of Threat Research, Akamai Recent news reports have highlighted the latest evolution of the Mirai botnet code, which is itself an evolution of the Kaiten botnet. The botnet developers have leveraged features from an open-source project, called Aboriginal Linux, that results in a cross platform compiled binary. Needless to say, this greatly increases the success rates of spreading the Mirai malware
The Dark Side of APIs: Denial of Service Attacks
Ryan Barnett, Principal Security Researcher, Akamai Elad Shuster, Senior Security Researcher, Akamai In this blog post, we will discuss different Denial of Service (DoS) attacks that may negatively impact your API services, as well as mitigations offered by Kona Site Defender (KSD).
Attack Status: Apache Struts Vulnerability (CVE-201 ...
This blog post is a follow-up to https://blogs.akamai.com/2018/08/apache-struts-vulnerability-cve-2018-11776.html and its purpose is to highlight attack data we have seen on the Akamai network related to this vulnerability.
The Diversity and Density of Web Application Attacks ...
Our exploration of methods for normalizing the number of web application attacks sourced by each country has only considered contextual variables from external sources that characterized each country in a context devoid from Akamai, so far. This final leg of the journey will situate the attack counts within a context that is specific to Akamai and the characteristics of the attacks themselves.
Linux Kernel IP Vulnerability 2
On the week of July 15th, researcher Juha-Matti Tilli disclosed a vulnerability in the Linux kernel to the kernel maintainers, the National Cyber Security Center - Finland (NCSC-FI), CERT Coordination Center (CERT/CC), and Akamai. The vulnerability, CVE-2018-5391, is a resource exhaustion attack triggered by a specially crafted stream of IP datagrams that cause expensive processing within the Linux kernel. This vulnerability is similar to the Linux TCP vulnerability announced August,
Data Spaghetti: Throw it at the wall and see what st ...
In the last installment, we introduced the challenge of normalizing a geographic visualization showing the observed number of web application attacks sourced from each country. This time, we'll try to discern which potential normalizing variables could have a significant relationship with the attack counts through exploratory analysis and hopefully gain some new insights.
Linux Kernel TCP Vulnerability
On the week of July 15th researcher Juha-Matti Tilli disclosed a vulnerability he discovered in the Linux kernel to the kernel maintainers, the National Cyber Security Center - Finland (NCSC-FI), CERT Coordination Center (CERT/CC), and Akamai. The vulnerability, CVE-2018-5390, is a resource exhaustion attack triggered by a specially crafted stream of TCP segments which creates expensive processing within the Linux kernel. In preparation for the public disclosure of the vulnerability,