Get In Touch
HTTP2 is the second major version of the HTTP protocol. It changes the way HTTP is transferred "on the wire" by introducing a full binary protocol, made up of TCP connections, streams and frames, rather than simply being a plain-text protocol. Such a fundamental change between HTTP/1.x to HTTP/2, meant that client side and server side implementations had to incorporate completely new code to support new HTTP2 features - this
Looking at the hoffmeister.be data (yes, our previously identified attacker fixed a typo in the TLD) and recent attempts at large-scale amplification attacks, I noticed a surprising absence of spoofed source addresses. My first thought was that the ISP forces the correct IP onto packets entering the network, but that is not common practice (illegal source address packets are dropped if you implement BCP38, SAVI and/or unicast RPF).
Overview Can you imagine anyone buying a car without airbags and without seat belts? I bet you can't! So why is it that we buy computers without Antivirus software already installed, home routers without a firewall already installed or connected devices (IoT) that are lacking proper security controls?
We see a lot of DNS amplification attacks, so we're rarely impressed by them. Today was different.
On Friday, May 12, news agencies around the world reported that a new ransomware threat was spreading rapidly. Akamai's incident response teams and researchers worked quickly to understand this new threat and how to mitigate it. This blog post is a summary of what Akamai knows at this point. Remember that this is still an evolving threat and this information may change. Akamai will update this post as we collect
As the investigation of the WannaCry ransomware keeps evolving, more evidence is revealed and more theories are suggested. While analyzing the DNS and HTTP traffic of domains and clients involved in WannaCry we made several useful discoveries, which may shed some additional light on this cybercrime.
A recent DDoS attack against Cedexis, a French service provider, caused many prominent French newspapers, including Le Monde, Le Figaro, L'Equipe, Le Nouvel Observateur, all hosted on Cedexis network, to briefly shut down yesterday, May 10. Other web services built on Cedexis network has been affected as well.
Ransomware is grabbing a lot of headlines lately given the increasing frequency with which these attacks occur. One prominent form of this advanced cyberthreat is Locky, which we first wrote about almost one year ago. After our initial blog post we saw Locky mostly disappear - at least momentarily. It then came back about three weeks later, but given our broad view of DNS queries from communications service provider (CSP)
Today a new phishing attack began making the rounds in email boxes around the world, taking the form of an email with a link to a Google Doc that the sender has shared with the recipient. The email looks innocent enough, as shown in the image below - I myself received one shortly after the attack was launched - and many people likely clicked the link out of curiosity to