Akamai Diversity

Akamai Security Intelligence
& Threat Research

Akamai InfoSec

Akamai InfoSec

January 22, 2019 9:00 AM

InfoSec experiment - Letting the CAT out of the bag

By Lukasz Orzechowski If you work on an Information Security team that gets customer questionnaires, you're likely familiar with Vendor Security Risk Assessment templates. We all care about information safety, and it is natural for our customers to want to check how well we are aligned with what they require internally, or with industry standards. We get a lot of questions and addressing them is our bread and butter. One

Larry Cashdollar

Larry Cashdollar

January 17, 2019 9:00 AM

ThinkPHP Exploit Actively Exploited in the Wild

While investigating the recent Magecart card skimming attacks, I came across a payload I was not familiar with. Further research into it lead me to discover that in December a researcher disclosed a remote command execution vulnerability in ThinkPHP, a web framework by TopThink.

Or Katz

Or Katz

December 14, 2018 8:00 AM

Quiz Phishing: One Scam, 78 Variations

Overview Over the past year, Akamai Enterprise Threat Research team monitored the usage of one particular phishing toolkit in the wild. We previously wrote about this phishing toolkit as "Three Questions Quiz". The "Quiz" toolkit is not new to the threat landscape, as its been used in many phishing campaigns in recent years. Our goal here is to present new insights on the evolution and scale of usage of the

Martin McKeay

Martin McKeay

December 5, 2018 9:31 AM

A Year of Research

As the year draws to a close, our team decided Issue 5 of the State of the Internet report should take a look back at what we've done over the previous 12 months. The State of the Internet Security report is one of the most visible efforts of the research efforts at Akamai, but it is far from the only research we do and is not always the most important

Amiram Cohen

Amiram Cohen

December 5, 2018 8:00 AM

Threat Hunting When the Perimeter is Vague

Are Domains Malicious? The most basic capability of malware is the ability to communicate. Most malware will use the DNS protocol to enable robust communication. Typical malware payloads will use such techniques to download files to the compromised machine, or to communicate with the Command and Control (CnC) servers in order to control activities or exfiltrate data. These days, the defensive perimeter is becoming a vague concept. This reality is

Akamai SIRT Alerts

Akamai SIRT Alerts

November 28, 2018 9:24 AM

UPnProxy: EternalSilence

By, Chad Seaman Overview: UPnProxy is alive and well. There are 277,000 devices, out of a pool of 3.5 million, running vulnerable implementations of UPnP. Of those, Akamai can confirm that more than 45,000 have been compromised in a widely distributed UPnP NAT injection campaign. These injections expose machines living behind the router to the Internet and appear to target the service ports used by SMB.

Ryan Barnett

Ryan Barnett

November 27, 2018 7:05 AM

Protecting Your Website Visitors from Magecart: Trus ...

There have been many news reports recently which outline how cyber criminals have successfully injected credit card skimming JavaScript code into the checkout process pages of various websites. Dubbed Magecart, these attacks refer to a number of threat actors who are using similar tactics to skim customer data from e-commerce websites. While Magecart is the current threat example, the larger threat is that of malicious JavaScript skimmer code. This blog

Larry Cashdollar

Larry Cashdollar

November 20, 2018 2:00 PM

jQuery File Upload Disclosure Due Diligence

After I disclosed the arbitrary file upload vulnerability in Blueimp's jQuery File Upload project in early October I decided to investigate similar projects. I found a list of the top 20 jQuery file upload projects that listed both free open source and commercial repositories. I started to examine the code that didn't require a purchase, and found the majority didn't provide a method to actually upload the file. They simply

Akamai InfoSec

Akamai InfoSec

November 20, 2018 10:00 AM

An Introduction to Magecart

Written by Steve Ragan Since at least September, a number of criminals have been targeting online shopping carts and skimming credit card data at checkout. Collectively, these criminals are being called Magecart. Researchers at RiskIQ and Flashpoint Intelligence have identified six groups associated with these skimming attacks. Like it or not, the holiday shopping season is here. Over the next few weeks, many of you will be searching out deals