Akamai's State of the Internet / Security: Carrier Insight Report Highlights the Importance of Information Sharing in Battle Against Cyber Threats

Layered Analysis of Cyber Data, Including DNS Queries, Leads to Stronger Protection Against DDoS, Malware, and Botnet Attacks

CAMBRIDGE, Mass., April 17, 2018 /PRNewswire/ -- Akamai Technologies, Inc. (NASDAQ: AKAM), the world's largest and most trusted cloud delivery platform, today announced the availability of the State of the Internet / Security: Carrier Insights Report for Spring 2018, which shows that sharing information is an important factor in helping to defend against cyber threats. The report analyzes data from more than 14 trillion DNS queries collected by Akamai between September 2017 and February 2018 from communications service provider (CSP) networks around the world.

For more than 19 years, Nominum, acquired by Akamai in 2017, has leveraged in-depth DNS data to improve overall protection against sophisticated cyberattacks such as distributed denial of service (DDoS), ransomware, trojans, and botnets. Akamai's Carrier Insight Report builds upon the Nominum expertise and highlights the effectiveness of DNS-based security that is enriched with data coming from other security layers. This layered security approach involves gathering various security solutions to collectively protect an organization's data.

"Siloed understanding of attacks against individual systems isn't enough for defenders to prepare for today's complicated threat landscape," said Yuriy Yuzifovich, Director of Data Science, Threat Intelligence, Akamai. "Communicating with varying platforms is critical when acquiring knowledge across teams, systems and data sets. We believe that the DNS queries that our service provides act as a strategic component to arming security teams with the proper data necessary for that big picture view of the threat landscape."

Tackling the Mirai Botnet: Collaboration in Action
Collaboration between teams within Akamai played a crucial role in discovering Mirai command and control (C&C) domains to make future Mirai detection more comprehensive. The Akamai Security Intelligence and Response Team (SIRT) has been following Mirai since its inception, using honeypots to detect Mirai communications and identify its C&C servers.

In late January 2018, Akamai's SIRT and Nominum teams shared a list of over 500 suspicious Mirai C&C domains. The goal was to understand whether, by using DNS data and artificial intelligence, this list of C&C domains could be augmented to make future Mirai detection more comprehensive. Through several layers of analysis, the combined Akamai teams were able to augment the Mirai C&C dataset to discover a connection between Mirai botnets and distributors of the Petya ransomware.

This collaborative analysis suggested an evolution of IoT botnets, from a nearly exclusive use case of launching DDoS attacks to more sophisticated activities such as ransomware distribution and crypto-mining. IoT botnets are difficult to detect because there are very few indicators of compromise for most users—and yet, the collaborative research by these teams created the chance to find and block dozens of new C&C domains to control the activity of the botnet.

JavaScript Cryptominers: A Shady Business Model
The exponential rise in public adoption of cryptocurrency has been reflected in a sharp, observable increase in the number of crypto-mining malware strains and in the number of devices infected with them.

Akamai observed two distinct business models for large-scale crypto-mining. The first model uses infected devices' processing power to mine cryptocurrency tokens. The second model uses code embedded into content sites that makes devices that visit the site work for the cryptominer. Akamai conducted extensive analysis on this second business model, as it poses a new security challenge for users and website owners alike. After analyzing the cryptominer domains, Akamai was able to estimate the cost, in terms of both computer power and monetary gains, from this activity. An interesting implication of this research is that cryptomining could become a viable alternative to ad revenue to fund websites.

Changing Threats: Malware and Exploits Repurposed
Cybersecurity is not a static industry. Researchers have observed hackers reusing old techniques in today's digital landscape. Over the six months that Akamai collected this data, a few prominent malware campaigns and exploits showed notable changes in their operating procedure, including:

  • The Web Proxy Auto-Discovery (WPAD) protocol was discovered in use to expose Windows systems to Man-in-the-Middle attacks between November 24 and December 14, 2017. WPAD is meant to be used on protected networks (i.e. LANs) and leaves computers open to significant attacks when exposed to the Internet.
  • Malware authors are branching out to the collection of social media logins in addition to financial information. Terdot, a branch of the Zeus botnet, creates a local proxy and enables attackers to perform cyber-espionage and promote fake news in the victim's browser.
  • The Lopai botnet is an example of how botnet authors are creating more flexible tools. This mobile malware mainly targets Android devices and uses a modular approach that allows owners to create updates with new capabilities.

To learn more about the report, please visit the Akamai booth #N3625 in Moscone Center North during the RSA Conference on Thursday, April 19 at 10:30am when Akamai's Principal Security Researcher Yohai Einav will present on the research process itself and the specific findings.

A complimentary copy of the State of the Internet / Security Carrier Insights Report Spring 2018 is available for download at: https://www.akamai.com/us/en/multimedia/documents/state-of-the-internet/spring-2018-state-of-the-internet-security-report.pdf.

Methodology
Akamai Security Research analyzes daily, weekly and quarterly data sets to predict the next moves cybercriminals will take. The goal is to detect attack signals in the sea of DNS data, and validate known attack types while simultaneously detecting new, unknown and unnamed malicious activity. In addition to using commercial and public data sources, the team analyzes 100 billion queries daily from Akamai customers. Akamai works with more than 130 service providers in over 40 countries, resolving 1.7 trillion queries daily. This sample represents approximately three percent of total global DNS traffic generated by consumers and businesses worldwide.

About Akamai
As the world's largest and most trusted cloud delivery platform, Akamai makes it easier for its customers to provide the best and most secure digital experiences on any device, anytime, anywhere. Akamai's massively distributed platform is unparalleled in scale with over 200,000 servers across 130 countries, giving customers superior performance and threat protection. Akamai's portfolio of web and mobile performance, cloud security, enterprise access, and video delivery solutions is supported by exceptional customer service and 24/7 monitoring. To learn why the top financial institutions, e-commerce leaders, media & entertainment providers, and government organizations trust Akamai, please visit www.akamai.com, blogs.akamai.com, or @Akamai on Twitter.

Contacts:

Tim Whitman, Media Relations, 617-444-3019, [email protected]
Tom Barth, Investor Relations, 617-274-7130, [email protected]

View original content with multimedia: http://www.prnewswire.com/news-releases/akamais-state-of-the-internet--security-carrier-insight-report-highlights-the-importance-of-information-sharing-in-battle-against-cyber-threats-300630702.html

SOURCE Akamai Technologies, Inc.
