Akamai Diversity

Akamai Security Intelligence & Threat Research

Or Katz

Or Katz

August 5, 2019 6:16 AM

Summer Phishing Scams Targeting Vacation Hotspots

As phishing websites become more advanced, by using rich functionality and customized workflows, evidence indicates that web analytics plugins are being commonly used in phishing kits. This enables threat actors to have stronger visibility into victim profiles and their behavior once they have landed on the scam website. This, in turn, can lead to future optimizations of the phishing kit and scam's distribution.

Larry Cashdollar

Larry Cashdollar

July 29, 2019 7:00 AM

Criminals using targeted Remote File Inclusion attac ...

In June 2019, logs on my personal website recorded markers that were clearly Remote File Inclusion (RFI) vulnerability attempts. The investigation into the attempts uncovered a campaign of targeted RFI attacks that currently are being leveraged to deploy phishing kits. The latest kit focuses on a large and well-known bank in the EU.

Larry Cashdollar

Larry Cashdollar

June 13, 2019 11:17 AM

Latest ECHOBOT: 26 Infection Vectors

Introduction Since the release of the Mirai source code in October of 2016, there have been hundreds of variants. While publishing my own research, I noticed that Palo Alto Networks was also examining similar samples, and published their findings. Earlier this month, not too long after Palo Alto Networks published their report, I discovered a newer version of Echobot that uses 26 different exploits for its infection vectors. In some

Larry Cashdollar

Larry Cashdollar

June 5, 2019 8:00 AM

Identifying Vulnerabilities in Phishing Kits

While recently examining hundreds of phishing kits for ongoing research, Akamai discovered something interesting - several of the kits included basic vulnerabilities due to flimsy construction or reliance on outdated open source code. Considering the impact phishing kits have on the Internet and web hosting as a whole, the phrase "kicking someone when they're down" certainly come to mind.

Amiram Cohen

Amiram Cohen

May 21, 2019 8:00 AM

16Shop: Commercial Phishing Kit Has A Hidden Backdoo ...

Additional research by Or Katz When it comes to targeting Apple users and their personal and financial data, 16Shop has emerged as a go to kit for those who can afford it. While 16Shop is sold to criminals looking to collect sensitive information from a targeted subset of the Internet community, at least one pirated version circulating online houses a backdoor that siphons off the data harvested and delivers it

Threat Research Team

Threat Research Team

May 15, 2019 8:00 AM

Bots Tampering with TLS to Avoid Detection

Researchers at Akamai observed attackers using a novel approach for evading detection. This new technique - which we call Cipher Stunting - has become a growing threat, with its roots tracing back to early-2018. By using advanced methods, attackers are randomizing SSL/TLS signatures in an attempt to evade detection attempts.

Yael Daihes

Yael Daihes

April 10, 2019 8:00 AM

Does DNS Data Really Matter?

Real-world data on how adding DNS data to a deep learning model increases its effectiveness By Yael Daihes & Craig Sprosts These days, big data and machine learning are topics of frequent discussion within the security community. While the idea that machine learning algorithms prosper with access to more data is hardly a revelation, we wanted to dig deeper and conduct an experiment using global DNS traffic. More specifically, how

Larry Cashdollar

Larry Cashdollar

April 1, 2019 10:09 AM

SIRT Advisory: Multiple Vulnerabilities in Magento

Summary Magento users should patch their systems to the fixed versions 2.3.1, 2.2.8 and 2.1.17 immediately due to multiple severe vulnerabilities disclosed in Magento on March 26, 2019.

Jonathan Respeto

Jonathan Respeto

March 20, 2019 7:00 AM

Continuous Training with CTF's

Akamai Engineering Culture Akamai is an environment fueled by the desire to learn and improve. There are open engineering and training courses, wikis, live training sessions, as well as engineer lead lecture series. Most importantly there is a strong culture around continued personal and professional development. The Security Operations Control Center (SOCC), for example, has a continuous training program where team members are given a full day, every week, dedicated