In addition to driving industry-leading security intelligence, Akamai threat researchers regularly publish in academic journals and present at conferences and industry association events, sharing mitigation strategies and data focused on the constantly evolving security landscape.
THREAT RESEARCH BLOG
Watch Your Step: The Prevalence of IDN Homograph Attacks
We explore the prevalence of user visits to domain names formed using IDN homograph attacks.
THREAT RESEARCH BLOG
SaltStack Vulnerabilities Actively Exploited in the Wild
We analyze recently unearthed vulnerabilities and in-the-wild attacks on SaltStack.
THREAT RESEARCH BLOG
Credential Stuffing during the COVID19 Pandemic
We examine how Covid-19 created an attack surface that criminals wasted no time taking advantage of.
FEATURED SECURITY VIDEO
Akamai CSO Andy Ellis Discusses Cybersecurity Priorities for 2020
FEATURED SECURITY REPORT
High-value targets generally attract the most sophisticated criminals and attacks.
Our new State of the Internet / Security report looks at financial services and finds a number of emerging trends. We report on spikes in the number of credential stuffing attacks against APIs, shifts in leading web attack vectors, and a DDoS attack against a bank that reached an astounding 160 Gbps. We also explore the ability of Zero Trust to defend against credential stuffing, web application, and DDoS attacks.Download the report
FEATURED THREAT ADVISORY
Fake Cozy Bear Group Making DDoS Extortion Demands: A group calling themselves "Cozy Bear" has been emailing various companies with an extortion letter, demanding payment and threatening targeted DDoS attacks if their demands are not met. We take a deep dive into their methods, suggest countermeasures, and examine a real extortion letter.
More Security Intelligence and Threat Research Blogs
- Parts of a Whole: Effect of COVID-19 on US Internet Traffic Read Blog Post
- Brazil Targeted by Phishing Scam Harnessing COVID-19 Fears Read Blog Post
- 24 Hour History of a Rootable Docker Image Read Blog Post
- The Building Wave of Internet Traffic Read Blog Post
- Threat Actors Recycling Phishing Kits in New Coronavirus (COVID-19) Campaigns Read Blog Post
- Phishing Victims From a CDN's Point of View Read Blog Post
- How I Avoided A Recruiter Scam Read Blog Post
- Abusing the Service Workers API Read Blog Post
- HTTP Cache Poisoning Advisory Read Blog Post
- Do Not Trust User Input While Rendering PDFs Read Blog Post
- Access and Threat Insights: Thanksgiving Read Blog Post
- Web Performance with Android's Battery-Saver Mode Read Publication
- RPKI is Coming of Age: A Longitudinal Study of RPKI Deployment and Invalid Route Origins Read Publication
- Scanning the Scanners: Sensing the Internet from a Massively Distributed Network Telescope Read Publication
- Characterizing JSON Traffic Patterns on a CDN Read Publication
- A Look at the ECS Behavior of DNS Resolvers Read Publication
- Strategies for Active IPv6 Topology Discovery Read Publication
- Advancing the Art of Internet Edge Outage Detection Read Publication
- Improving Bitrate Adaptation in the DASH Reference Player Read Publication
- 2019 State of the Internet / Security: A Year in Review Read Report
- 2019 State of the Internet / Security: Phishing — Baiting the Hook Read Report
- 2019 State of the Internet / Security: Media Under Assault Read Report
- 2019 State of the Internet / Security: Financial Services Attack Economy Read Report
- 2019 State of the Internet / Security: Web Attacks and Gaming Abuse Read Report
- 2019 State of the Internet / Security: Credential Stuffing - Attacks and Economies Read Report
- 2019 State of the Internet / Security: Retail Attacks and API Traffic Report Read Report
- 2019 State of the Internet / Security: DDoS and Application Attacks Report Read Report
Steve Ragan is a member of the InfoSec team at Akamai, and is responsible for writing and editing the State of the Internet / Security reports. In addition, he is a security researcher with a focus on criminal economies and phishing. Prior to joining Akamai, he was an award winning journalist covering the security industry. Steve has been on the internet long enough to remember 2400 baud modems, and the entertainment provided by a solid BBS and NNTP servers. He's a father of two, grandfather of one, and currently resides in the middle of the United States.
The latest threat advisories, network security white papers, and cloud security news with updates on DDoS attacks, botnets, malware, ransomware, and other cybersecurity vulnerabilities.
- Multiple Vulnerabilities in Magento: We look at how you can determine if you have been targeted and recommended remedial actions to be taken Read Report
- Multiple Magento Vulnerabilities: Learn about a new set of exploits, checks, and recommended fixes Read Report
- Satori Mirai Variant Alert: We look at new Mirai exploits that target multiple vulnerabilities Read Report
- CLDAP Reflection: We analyze the capabilities of and defenses against a new CLDAP method Read Report
- Forrester Wave™: WAFs, Q1 2020 Read Report
- Forrester New Wave™: Bot Management, Q1 2020 Read Report
- Gartner Magic Quadrant for Web Application Firewalls, 2019 Read Report
- Gartner Critical Capabilities for Cloud Web Application Firewalls Services, 2019 Read Report
Cloud Security News
- COVID-19 and the Perfect Security Storm Read Blog Post
- March 2020 – What's New in Security, Part 2 Read Blog Post
- March 2020 – What's New in Security, Part 1 Read Blog Post
- Why You Need Cloud-Based Security for Agile, Innovative and Lean IT Read Blog Post
- Protecting Websites from Magecart and Other In-Browser Threats Read Blog Post
- Akamai Prolexic - Mitigating Large Scale DDoS Attacks in 0 seconds Read Blog Post
- Client Side Threats & How Could Website Owners Mitigate Them? Read Blog Post
Our unprecedented visibility provides insights into DNS and IP traffic that inform threat visualizations to reveal risk factors and attacks blocked, and provide critical security data.
Daily threat levels by industry and region containing informed Internet security metrics.Learn More
Akamai Threat Research in the News
Top stories in the security industry trade, with insights from our threat intelligence research experts.
Steve Ragan shares his analysis that login credentials in question had all been leaked in previous breaches, some dating back to the Tumblr breach of 2013.Read on NBC News
Akamai researchers on how criminals have been seeking to gain trust by pretending to be an insurance company, bank or trusted brand with email scams.Read on CNBC
Or Katz on how older phishing kits have “come out of retirement” in order to target those working from home during the pandemic.Read on Threatpost
When Larry Cashdollar set up a honeypot in a Docker image, he found behavior that was more enlightening than he had imagined.Read on Dark Reading
Steve Ragan weighs in on why protecting APIs is vital because criminals have incorporated them into their target portfolios.Read on Digital Transactions
Meet Us at the Edge
Get the latest security research firsthand - meet our threat intelligence experts face-to-face at industry events throughout the year.
Security Careers at Akamai
Passionate about security? Grow with us! Akamai secures and delivers digital experiences for the world’s largest companies. Our intelligent edge platform surrounds everything, from the enterprise to the cloud, so customers and their businesses can be fast, smart, and secure.
Kick-start a new chapter in your career that will sharpen your skills and spark your imagination.
An array of useful threat research tools from browser debugging to firmware updates.
- MQTT-PWN A comprehensive solution for IoT broker penetration-testing and security assessment operations. Learn More
- JSShell An interactive multi-user web JS shell. Learn More
- Pipiot Double architecture x86/ARM malicious payload construction. Learn More
- Sonoff-Evil Firmware PoC that demos exploitation by MQTT. Learn More
- Sonoff-Angel Firmware that hardens usage of dangerous MQTT routines. Learn More
Robust compliance assessment programs, personal data processing services, and Payment Card Industry Data Security Standard (PCI DSS) certification.
Learn more about Akamai’s comprehensive compliance assessment programs and how we work with customers to obtain and maintain compliance.Learn More
Read more about Akamai’s personal data processing activities associated with the services it provides to customers.Learn More