Cybersecurity Threat Advisories

Understand the sources and attributes of emerging cybersecurity threats, and best practices to prevent, identify and mitigate DDoS attacks and vulnerabilities to protect your enterprise.

Most Recent Threat Advisories

  • Multiple Vulnerabilities in Magento
    Published April 1, 2019
    Earlier this week, Magento disclosed a new set of vulnerabilities affecting versions 2.0 and up. With a proof-of-concept exploit already published and an SQL injection vulnerability being actively exploited, we look at how you can determine whether you have been targeted and the recommended remedial actions to take.


Past Threats

  • Summer 2018 State of the Internet / Security Attack Spotlight: Memcached Reflection Attack
    Published June 12, 2018
    Could the memcached amplification vector have been mitigated sooner? When Akamai successfully mitigated the largest DDoS attack in history, peaking at 1.35 Tbps, the attack vector responsible had been known, though not used, for more than six months. This attack spotlight details the protocol and mitigation of a memcached reflection attack, including:

    • Why memcached has such massive amplification potential, more than 50,000 times the traffic sent
    • The importance of understanding traffic patterns seeking as-yet unused vulnerabilities
    • Previous list of vulnerabilities on IoT and CPE devices
    The report contains analysis of attack scripts, sample queries and attack payloads, as well as details of observed memcached attacks and newer reflection methods.

  • Threat Advisory: Satori Mirai Variant Alert
    Published December 06, 2017
    Akamai, along with industry peers, has identified an updated variant of Mirai (Satori) that has activated within the past 24 hours and is rapidly growing. In the past 24 hours, Akamai has observed more than 650,000 unique IP addresses, with peers in the industry confirming that they are seeing comparable numbers. This activity expands beyond the brute-force type of attack seen with Mirai exploit activity previously, adding exploits that target multiple vulnerabilities:

    • One new undisclosed vulnerability in HuaweiHomeGateway & CPE devices
    • Existing CVE-2014-836
    • Previous list of vulnerabilities on IoT and CPE devices.
    Much of the scanning activity is sourced from Mirai nodes, in the most recent Wproot/Mroot and login variant, from the end of November. The admin/CentryL1nk login variant seems to be concentrated in devices located in Egypt, Ecuador, Tunisia, Argentina, and Colombia.

  • Threat Advisory: CLDAP Reflection
    Published April 11, 2017
    The Akamai Security Intelligence Response Team (SIRT) recently identified a new Connection-less Lightweight Directory Access Protocol (CLDAP) reflection and amplification method. This advisory analyzes the capabilities of and potential defenses against this new type of reflection attack.

  • Threat Advisory: 2016 State of the Dark Web
    Published February 14, 2017
    2016 was an active year for the dark web. New cryptocurrencies found use alongside Bitcoin (BTC), and the general offerings of the dark web markets shifted significantly. In this threat advisory, readers will be able to learn more about the dark web, what happened in 2016 and what may happen in 2017.

  • Threat Advisory: mDNS Reflection DDoS
    Published December 22, 2016 
    The Akamai Threat Research team recently observed an increase in the use of Multicast Domain Name Services (mDNS) in DDoS attacks. The team researched the usage of the protocol and dissected the potential of this relatively new attack vector.

  • Threat Advisory: Mirai Botnet
    Published December 21, 2016 
    This advisory provides information about attack events and findings prior to the Mirai code release, as well as those occurring following its release. The advisory will also summarize pertinent research data and ultimately the processes that led to the associated findings.

  • Threat Advisory: 2016 Holiday Shopping Advisory
    Published November 22, 2016
    The 2016 holiday shopping season is fast approaching. More and more, shoppers are opting to make their purchases online rather than risk the frothing hordes at brick and mortar stores. With this in mind, now is a good time to review the potential threats retailers' digital properties may run into, and what they can do about them.

  • Threat Advisory: Exploitation of IoT devices for Launching Mass-Scale Attack Campaigns
    Published October 11, 2016
    Akamai's Threat Research team recently reported on a case where millions of Internet-connected (IoT) devices were being used as the source for web-based credential stuffing campaigns. When the team dug a little deeper, they found evidence that these devices were being used as proxies to route malicious traffic due to some default configuration weaknesses in their operating systems.

  • Threat Advisory: Kaiten/STD Router DDoS Malware
    Published October 1, 2016
    Akamai's Threat Research examines the Kaiten/STD botnet which targets Small Office/Home Office routers, IP Cameras and DVRs to create an Internet of Things-based botnet. This malware is closely related to the Mirai botnet family.

  • Case Study: Analysis of XSS Exploitation Through Remote Resource Injection
    Published August 9, 2016
    Akamai's Threat Research breaks down the nature of cross-site scripting (XSS) attacks based on observations of attack triggers across the Akamai Cloud Security Intelligence (CSI) platform.

  • Attack Spotlight: 363 Gbps DDoS Attack
    Published July 25, 2016
    In-depth analysis of one of the largest confirmed Distributed Denial-of-Service (DDoS) attacks of the year on the Akamai routed solution. This multi-vector attack employed six vectors simultaneously and peaked at 363 Gigabits per second (Gbps).

  • Timeline of DDoS Campaigns Against MIT
    Published July 22, 2016
    Akamai SIRT reviews and analyzes the DDoS attack campaigns leveraged against the Massachusetts Institute of Technology (MIT) network during 2016. Since January, the network has been targeted by more than 35 DDoS attacks, with close to 43% of attack vectors leveraging reflection and amplification.

  • Medium Risk DDoS Threat Advisory: Trivial File Transfer Protocol (TFTP) Reflection DDoS
    Published June 1, 2016
    A new DDoS reflection and amplification method has been observed abusing Trivial File Transfer Protocol (TFTP), continuing the trend of UDP-based protocols being put to malicious use.

  • High Risk DDoS Threat Advisory: #OpKillingBay Expands Targets Across Japan
    Published April 21, 2016
    Akamai SIRT tracks the resurgence of the malicious actor group operating under the name #OpKillingBay, which over the last three years has targeted Japanese companies affiliated with whale and dolphin hunting. Since the beginning of 2016, SIRT has seen the group's hacking activities expand across industries not directly affiliated, including automotive, and even to government domains.

  • High Risk DDoS Threat Advisory: BillGates Botnet
    Published April 4, 2016
    Akamai SIRT has been tracking the threat posed by the recently discovered BillGates botnet, an evolving botnet from the XOR family reported on last year.

    Disclaimer: The malware was named after Microsoft's former CEO, Bill Gates, based on the fact that it targets Linux machines instead of Windows. However, the malware is not affiliated in any way with Microsoft Corporation or its founder, Bill Gates.

  • DNSSEC Amplification DDoS
    Published February 16, 2016
    DNS reflection and amplification DDoS attacks are now being observed abusing DNSSEC-configured domains, effectively using DNS resolvers as a shared botnet.

  • Continuous Uptick in SEO Attacks
    Published January 12, 2016
    Attackers are leveraging SQL injection vulnerabilities within websites to inject bogus web content and manipulate Search Engine Optimization (SEO) rankings.
