Understand the sources and attributes of emerging cybersecurity threats, and best practices to prevent, identify and mitigate DDoS attacks and vulnerabilities to protect your enterprise.
Attack Spotlight: 363 Gbps DDoS Attack
Published July 25, 2016
In-depth analysis of one of the largest confirmed Distributed Denial-of-Service (DDoS) attacks of the year on the Akamai routed solution. This multi-vector attack employed six vectors simultaneously and peaked at 363 Gigabits per second (Gbps).
Timeline of DDoS Campaigns Against MIT
Published July 22, 2016
Akamai SIRT reviews and analyzes the DDoS attack campaigns launched against the Massachusetts Institute of Technology (MIT) network during 2016. Since January, the network has been targeted by more than 35 DDoS attacks, with close to 43% of the attack vectors being reflection and amplification vectors.
Medium Risk DDoS Threat Advisory: Trivial File Transfer Protocol (TFTP) Reflection DDoS
Published June 1, 2016
A new DDoS reflection and amplification method has been observed abusing Trivial File Transfer Protocol (TFTP), continuing the trend of UDP-based protocols for malicious use.
High Risk DDoS Threat Advisory: #OpKillingBay Expands Targets Across Japan
Published April 21, 2016
Akamai SIRT tracks the resurgence of the malicious actor group operating under the name #OpKillingBay, which over the last three years has targeted Japanese companies affiliated with whale and dolphin hunting. Since the beginning of 2016, SIRT has seen the group's activity expand to industries with no direct affiliation, including automotive companies, and even to government domains.
High Risk DDoS Threat Advisory: BillGates Botnet
Published April 4, 2016
Akamai SIRT has been tracking the threat posed by the recently discovered BillGates botnet, an evolving botnet from the XOR DDoS family reported on last year.
Disclaimer: The malware was named after Microsoft's former CEO, Bill Gates, on the basis that it targets Linux machines instead of Windows. The malware is not affiliated in any way with Microsoft Corporation or its founder, Bill Gates.
DNSSEC Amplification DDoS
Published February 16, 2016
DNS reflection and amplification DDoS attacks are now being observed abusing DNSSEC-configured domains, effectively using open DNS resolvers as a shared botnet. Because DNSSEC responses carry signatures and keys, they are many times larger than the query that triggered them, which is what makes these domains attractive as amplifiers.
Continuous Uptick in SEO Attacks
Published January 12, 2016
Attackers are leveraging SQL injection vulnerabilities within websites to inject bogus web content and manipulate Search Engine Optimization (SEO) rankings.
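The SEO-injection pattern above, as an added example that is not part of the advisory: a site feature lets a user edit one of its own database-backed pages, but the page id is spliced into the SQL text, so an injected id widens the UPDATE to every page on the site and plants spam links everywhere. The table, page contents and the spam payload are constructed for the demonstration; the hardened variant validates the id and binds it as a parameter.

```python
import sqlite3

# Constructed attacker payload: spam links an SEO-poisoning campaign would plant.
SPAM = '<a href="http://spam.example/">cheap pills</a>'


def new_site():
    """Constructed site content (not real data): three DB-backed pages.
    Page 3 belongs to an ordinary user who may edit only that page."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE pages (id INTEGER PRIMARY KEY, title TEXT, body TEXT)")
    db.executemany(
        "INSERT INTO pages VALUES (?, ?, ?)",
        [(1, "Home", "Welcome"), (2, "About", "Our company"), (3, "Guest page", "Hello")],
    )
    db.commit()
    return db


def update_body_vulnerable(db, page_id, body):
    """Deliberately vulnerable: page_id is interpolated into the SQL text.
    A value such as '3 OR 1=1' turns the WHERE clause into a match on
    every row, so the attacker's body overwrites the whole site."""
    db.execute(f"UPDATE pages SET body = ? WHERE id = {page_id}", (body,))
    db.commit()


def update_body_fixed(db, page_id, body):
    """Hardened: page_id must be an integer and is bound as a parameter,
    so user input is never parsed as SQL. A real application would also
    check that the caller owns page_id before updating it."""
    db.execute("UPDATE pages SET body = ? WHERE id = ?", (body, int(page_id)))
    db.commit()


def pages_containing(db, needle):
    """Ids of pages whose body contains needle, ascending."""
    rows = db.execute(
        "SELECT id FROM pages WHERE body LIKE ? ORDER BY id", (f"%{needle}%",)
    )
    return [r[0] for r in rows]


if __name__ == "__main__":
    site = new_site()
    update_body_vulnerable(site, "3 OR 1=1", SPAM)
    print("vulnerable: spam on pages", pages_containing(site, "spam.example"))

    site = new_site()
    try:
        update_body_fixed(site, "3 OR 1=1", SPAM)
    except ValueError as exc:
        print("fixed: rejected payload:", exc)
    print("fixed: spam on pages", pages_containing(site, "spam.example"))
```

The point to check in a real code base is not only that values are parameterized but that identifiers and WHERE-clause inputs are too; the vulnerable function here already binds the body and is still exploitable.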
Electronic Medical Records: Risks and Defenses
Published November 16, 2015
Malicious actors have begun to exploit the data contained within Electronic Medical Records (EMRs) with the potential to commit various forms of fraud.
Latest DDoS Reflection Attack Vectors Threat Advisory
Published October 28, 2015
Three reflection vectors observed in attacks: NetBIOS name server reflection DDoS, RPC portmap reflection DDoS, and Sentinel DDoS, which reflects off license-management servers.
MS SQL Reflection DDoS Threat Advisory
Published February 12, 2015
Attackers are using reflection techniques against Internet-exposed SQL Server instances (the SQL Server Resolution Service on UDP port 1434) to launch amplified DDoS attacks against targets.
Man-in-the-Middle Attacks Target iOS and Android Threat Advisory
Published December 17, 2014
Attackers may be using phishing and remote access Trojans such as Xsser mRAT to target mobile phones for surveillance, stealing credentials and DDoS attacks.
Yummba Webinject Tools Threat Advisory
Published November 20, 2014
Yummba webinject tools and ATSengine are used to steal bank logins and transfer funds. Includes analysis and vulnerability mitigation.
Shellshock Bash Bug DDoS Botnet Threat Advisory
Published October 30, 2014
DDoS botnet-builders are using the Shellshock Bash bug in Linux-based, Mac OS X and Cygwin systems to propagate a DDoS botnet, launch DDoS attacks, exfiltrate confidential data and run malicious programs.
Poodle SSLv3 Vulnerability Threat Advisory
Published October 27, 2014
A Secure Sockets Layer version 3 (SSLv3) vulnerability, CVE-2014-3566, lets an attacker who can tamper with traffic recover plaintext from SSLv3 connections one byte at a time (a padding-oracle attack on CBC mode), effectively defeating the protection SSLv3 provides.
SSDP Reflection DDoS Attacks Threat Advisory
Published October 15, 2014
Vulnerabilities in common devices using the Universal Plug and Play (UPnP) and Simple Service Discovery Protocol (SSDP) protocols can be employed as tools for reflection and amplification DDoS attacks.
Spike DDoS Toolkit Threat Advisory
Published September 24, 2014
The capability of this kit to infect and control a broader range of devices, including Linux and ARM-based devices, allows DDoS attackers to launch large attacks and to propagate botnets in a post-PC era.
IptabLes and IptabLex DDoS Bots Threat Advisory
Published September 3, 2014
Linux systems are being infiltrated via known vulnerabilities in Apache Struts, Tomcat and Elasticsearch to host IptabLes and IptabLex malware for use in DDoS botnets.
Blackshades RAT Threat Advisory
Published July 9, 2014
Blackshades RAT crimeware is used for identity theft and blackmail. It allows malicious actors to spy on users by monitoring video and audio, keylogging, harvesting banking and website access credentials, and controlling the victim machine to hijack files and to launch executables.
Zeus Crimeware Threat Advisory
Published June 10, 2014
The Zeus toolkit is used in many types of cybercrime, including customized attacks to target Fortune 500 enterprises. Attackers leverage the resources of infected devices and extract sensitive information for identity theft and fraud. Includes mitigation details.
SNMP Reflector Threat Advisory
Published May 22, 2014
Simple Network Management Protocol (SNMP) reflection tools are used by malicious actors to harness devices such as printers, switches, firewalls and routers for use in DDoS attacks. Network administrators need to take the remediation steps described.
Storm Network Stress Tester Threat Advisory
Published April 29, 2014
The Storm crimeware kit infects Windows XP (and higher) systems for malicious use, enabling file uploads and downloads, the launching of executables, and four DDoS attack types. Remote access lets malicious actors use the PC for further malicious activity, such as infecting other devices.
NTP Amplification Threat Advisory
Published March 12, 2014
With only a handful of vulnerable NTP servers (those still answering the monlist query, whose response is many times larger than the request), NTP amplification attack toolkits enable malicious actors to launch 100 Gbps DDoS attacks and larger.
Domain Name System (DNS) Flooder Threat Advisory
Published February 11, 2014
Malicious actors are purchasing, setting up and using their own DNS servers in reflection DDoS attacks, avoiding the need to source vulnerable DNS servers on the Internet. Includes a sample payload, analysis, source code, Snort rule, ACL mitigation and two case studies.
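Most of the advisories listed above (DNS/DNSSEC, TFTP, NetBIOS, RPC portmap, MS SQL, SSDP, SNMP and NTP) describe the same shape of attack: a spoofed request to a UDP service on many third-party hosts, whose large responses all land on the victim. The flow-record triage below is an added example and not Akamai's code; it shows the one signal that distinguishes those vectors from normal traffic at the victim's edge, namely many distinct sources on a well-known service port sending large packets to one host, and turns a finding into the kind of ACL entry the DNS Flooder advisory mentions. The flow records, packet sizes and alert thresholds are constructed assumptions for the demonstration.

```python
"""Flow-record triage for UDP reflection/amplification vectors.
Added example, not Akamai's code; all records below are constructed."""
from collections import defaultdict
from dataclasses import dataclass

# UDP source ports of the reflector services the advisories cover (standard
# IANA assignments). Traffic *from* these ports toward a host that never
# sent a request is the signature of a reflection attack.
REFLECTOR_PORTS = {
    53: "DNS/DNSSEC",
    69: "TFTP",
    111: "RPC portmap",
    123: "NTP",
    137: "NetBIOS-NS",
    161: "SNMP",
    1434: "MS SQL resolution",
    1900: "SSDP",
}


@dataclass(frozen=True)
class Flow:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str
    packets: int
    octets: int


# Constructed one-minute sample (not captured data): three benign flows, then
# 30 NTP and 20 SSDP reflectors answering a request spoofed "from" 192.0.2.80.
# Packet sizes are assumptions chosen to resemble amplified responses.
SAMPLE_FLOWS = (
    [
        Flow("192.0.2.10", 54321, "203.0.113.53", 53, "udp", 1, 64),    # DNS query
        Flow("203.0.113.53", 53, "192.0.2.10", 54321, "udp", 1, 120),   # DNS reply
        Flow("203.0.113.123", 123, "192.0.2.10", 123, "udp", 1, 76),    # NTP time reply
    ]
    + [Flow(f"198.51.100.{i}", 123, "192.0.2.80", 80, "udp", 400, 400 * 482)
       for i in range(1, 31)]
    + [Flow(f"203.0.113.{i}", 1900, "192.0.2.80", 80, "udp", 200, 200 * 320)
       for i in range(100, 120)]
)


def classify(flows, min_reflectors=10, min_avg_packet=200, window_seconds=60):
    """Group UDP flows whose *source* port is a reflector service by
    (victim, vector) and flag groups where many distinct reflectors send
    large packets to one host. Thresholds are assumptions to tune per
    network: genuine replies come from a few servers and are small (a normal
    NTP reply is under 100 bytes); amplified responses are large and arrive
    from many hosts at once."""
    groups = defaultdict(lambda: {"reflectors": set(), "packets": 0, "octets": 0})
    for f in flows:
        if f.proto != "udp" or f.src_port not in REFLECTOR_PORTS:
            continue
        g = groups[(f.dst_ip, REFLECTOR_PORTS[f.src_port])]
        g["reflectors"].add(f.src_ip)
        g["packets"] += f.packets
        g["octets"] += f.octets

    alerts = {}
    for key, g in groups.items():
        avg = g["octets"] / g["packets"]
        if len(g["reflectors"]) >= min_reflectors and avg >= min_avg_packet:
            alerts[key] = {
                "reflectors": len(g["reflectors"]),
                "avg_packet_bytes": round(avg),
                "mbps": round(g["octets"] * 8 / window_seconds / 1e6, 2),
            }
    return alerts


def suggest_acl(alerts):
    """Cisco-style extended ACL entries dropping each flagged vector toward
    its victim. Caveat: this also drops the victim's own legitimate replies
    from that service (its NTP sync, its DNS answers), so treat it as an
    emergency measure and prefer rate-limiting or upstream scrubbing."""
    port_for = {name: port for port, name in REFLECTOR_PORTS.items()}
    return [f"deny udp any eq {port_for[vec]} host {victim}"
            for victim, vec in sorted(alerts)]


if __name__ == "__main__":
    found = classify(SAMPLE_FLOWS)
    for (victim, vec), info in sorted(found.items()):
        print(f"{victim} <- {vec}: {info}")
    print("\n".join(suggest_acl(found)))
```

On the constructed sample the benign DNS and NTP replies are ignored because each comes from a single server, while the NTP and SSDP groups toward 192.0.2.80 are flagged with 30 and 20 reflectors respectively. The same grouping works on real NetFlow or sFlow exports; what needs tuning is the reflector count and packet-size floor, since a busy resolver or a large monitoring estate can legitimately produce many large responses to one host.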