Akamai
Security Intelligence
& Threat Research
Subscribe
A Discussion With CSO Andy Ellis
In this week's podcast, Steve and Andy talk about his recent Reddit AMA, and the best food to have on hand for a security incident. The topic is an off-shoot of the best wine pairing question from the AMA, and Andy adds to that answer with the story behind his choice of wine (1976 Chateau Gloria, Saint-Julien) for an internet meltdown. https://www.reddit.com/r/netsec/comments/jp73qv/i_am_the_chief_security_officer_at_akamai_and_i/
Evading Link Scanning Security Services with Passive ...
By Gal Bitensky, Executive Summary Link scanners are a critical component in multiple classes of security products including email security suites, websites that suggest direct inspection of a suspicious link, and others. Behind the scenes, these services use web clients to fetch the contents of a link. This is, by definition, a bot, what we often nickname "a good bot." This research discusses scenarios where threat actors apply classic tactics
State of The Internet Security 2020 Year In Review
What a year it's been. . Just as the ink started to dry on those first pages of 2020, we opened up our first report with this: "As we look forward to the year ahead, the staff that produces the State of the Internet / Security report really only has one resolution -- evolve. It's an interesting mandate, because we're not the only ones evolving. Criminals have started to evolve,
Phishing Summary 2020 - Trends and Highlights
2020 was a challenging year for many of us, as the COVID-19 pandemic disrupted life and introduced challenges in almost all elements of living. 2020 was also challenging from a cybersecurity point of view, as nearly the entire workforce moved to remote working and enterprise boundaries were never so vague, which introduced complexities on that end. As this year comes to an end, it's time to look back and highlight
WordPress Malware Setting Up SEO Shops
While recently looking over my honeypots, I discovered an infection where a malicious actor added a storefront on top of my existing WordPress installation. For background, this particular honeypot is a full instance of WordPress running on a Docker image. The administrator credentials are intentionally weak, in order to give those with malicious intent easy access. This way I can examine what attacks the vulnerable site will undergo and what
A Discussion: Kristin Nelson-Patel's path to InfoSec ...
Martin and Steve talk with Kristin Nelson-Patel, the Lead Architect on Akamai's Sensors Team, about her path into InfoSec, impostor syndrome, and what her job entails. This episode is a continuation of the theme started in October, and earlier this month, where others shared their experiences.
Akamai's Affinity Conference: A Discussion
In this week's episode, Steve is joined by Ela Wolny, Joanna Gamracy, Robert Pajak, Or Katz, and Larry Cashdollar to talk about Akamai's Affinity conference. Larry and Or discuss their presentations, while Ela, Joanna, and Robert introduce Steve to Affinity and its history. The Akamai Affinity conference is an annual conference created by IT professionals, for IT professionals. Over three days, Affinity offers participants an opportunity to experience not only
A Discussion: Imposter Syndrome & Paths To InfoSec ...
Steve Ragan and Chad Seaman, senior researcher for Akamai's SIRT, discuss their paths into InfoSec, impostor syndrome, and the magic that was Encarta '95. This episode is part of a longer series on impostor syndrome, and the unique paths many of us in Akamai's InfoSec team have taken in security.
Phishing JavaScript Obfuscation Techniques Soars
In our previous blogs, first where we explained JavaScript Obfuscation techniques and introduced a detailed overview on how JavaScript is being used to obfuscate page content to make phishing attacks and other web scams as evasive as possible; followed by one where we took a deep dive to examine double JavaScript obfuscation techniques, presenting a tale of an obfuscated scam seen in the wild and showing how the same phishing