Get In Touch
Since COVID-19 isolation protocols started in the United States in early March, bad actors have had a lot of time on their hands and a large pool of victims to target. Thousands of people, millions across the globe, suddenly found themselves working from home and away from many of the enterprise-grade protections that governed their day-to-day workflow.
Introduction In our previous post, The Building Wave of Internet Traffic, we looked at the traffic patterns across Europe and the effect the COVID-19 pandemic has had. We examined traffic in Italy, Poland, and Spain, and demonstrated how we observed huge surges of traffic around the implementation of isolation protocols, which then reduced to more normal levels in the days after. Though, it's important to note this new level of
Researchers at Akamai have identified a new phishing campaign targeting users in Brazil who are worried about their finances during the COVID-19 epidemic. Over two weeks, we identified that the three-question quiz campaign successfully targeted more than 850,000 victims, scamming them out of personal information, and in some cases, convincing them to install Adware on their computer.
I'm going to tell you a story. It's not a common story about research successes. This story is about a research project where I failed to find answers to questions, and why that's okay. Starting off, my research partner and I knew the project was a big ask, based on the open-ended question of whether there was a cause for the jump in SQL Injection (SQLi) attacks over the last
I've been working with many different honeypot implementations lately - from cowrie and WordPot, to Dionaea and WAPot. To expand on that, I decided to set up a simple docker image with SSH, running a guessable root password. The catch? I'd be capturing all the credentials used to login to the docker image, as well as the entire shell session, to a log file and the screen. The attacker wouldn't
The Novel Coronavirus, and the resulting viral respiratory illness caused by it, COVID-19, is changing our world. As much as possible, people around the world are practicing social distancing. This means working remotely for a large number of people, possibly for the first time in their lives. From Akamai's view, these changes led to a 30% growth in Internet traffic in March, causing many people to ask if the Web
Recently, researchers at Akamai observed phishing attacks leveraging recycled kits in a series of campaigns taking advantage of the Coronavirus (COVID-19) health crisis. Phishing kits that have been previously deployed over the last several months are now being used again in order to reach a new pool of potential victims: those working from home due to self-isolation, mandated quarantine, or corporate policy during the pandemic.
Overview Being a Content Delivery Network (CDN) platform, sometimes you can see fractions of attacks on the wire. In this blog, we will focus on phishing websites that, while not being delivered by the Akamai platform, are referring to or redirecting victims to pages that are on Akamai's platform.
Recruitment scams are a serious, but often overlooked risk to job seekers. Those responsible for these schemes often play on the victim's stress levels or professional ego, by using authority to offer something that could be life changing, often with large salaries. I've personally experienced a recruitment scam. In this post, we'll explore the scam that targeted me, and the steps I took that prevented me from becoming a victim.