XOR DDoS Malware | Cloud Security Threat Advisory | Slideshow

https://www.stateoftheinternet.com/resources-web-security-threat-advisories-2015-xor-ddos-attacks-linux-botnet-malware-removal-ddos-mitigation-yara-snort.html Recently the Akamai Security Intelligence Response Team (SIRT) released its analysis of the XOR DDoS threat, Trojan malware used to infect and hijack Linux-based systems. Attacks from the XOR DDoS botnet have ranged from low, single-digit Gbps attacks to 150+ Gbps. Watch this brief slideshow for the fast facts, and then get detection and mitigation recommendations from the full XOR DDoS Threat Advisory at www.stateoftheinternet.com/xorddos.

Slideshow: Q2 2015 Onion Router Threat Analysis from StateoftheInternet.com

The Onion Router (Tor) concept has provided anonymity for US Navy intelligence as well as individuals concerned with privacy or institutional censorship. Because it makes tracking the originating IP address nearly impossible, Tor has also attracted malicious actors exploiting anonymity to launch attacks on business websites. Akamai analysis of Tor traffic helps enterprises assess how to mitigate this risk, whether by total blocking or with enhanced scrutiny. See this brief slideshow for details on Akamai’s threat evaluation. For more information and statistics on web security, download the Q2 2015 State of the Internet – Security report at http://akamai.me/1kIdqzC

Slideshow: Q2 2015 Web Application Attacks and WordPress Vulnerabilities from StateoftheInternet.com

Massive Shellshock attacks and an increase in SQLi attacks characterized the web application attack landscape in the second quarter of 2015. For this quarter’s Security Report, Akamai analyzed nine common web application attack vectors, including Shellshock and SQLi as well as LFI, FRI, PHPi, CMDi, JAVAi, MFU, and XSS. See statistics and analysis and get information on attacks exploiting WordPress plugin vulnerabilities in this brief slideshow. For full details on these and other web security threats, download the Q2 2015 State of the Internet – Security report at http://akamai.me/1NeqxFl 

Slideshow: Q2 2015 Security Statistics and Trends from StateoftheInternet.com

For the third quarter in a row, DDoS attacks have doubled compared to the previous year. The total number of DDoS attacks observed in Q2 2015 set a record, as attacks became both more frequent and longer lasting. Find out the latest statistics and analysis on cybersecurity trends including attack volume and duration, DDoS attack patterns, targeted industries, this quarter’s multi-vector mega-attacks, and more. Watch this brief slideshow for the fast facts, and then get all the details from the full Q2 2015 State of the Internet – Security Report at http://bit.ly/1JSShXK.

Website Defacement & Domain Hijacking on the Rise: Cloud Security Threat – State of the Internet

In today’s business climate, your website is your brand, your public face and your business platform. Now imagine if attackers were to hijack your website and replace your content with something offensive, illegal, inflammatory or embarrassing. Website defacement, where attackers replace your website’s content so users see what the attackers want, can be devastating for your business.  And these types of attacks are on the rise.  Read this short article to learn more about this cloud security threat and then get all the details in the full Q1 2015 State of the Internet Security Report at http://bit.ly/1KfWTrG

Q1 2015 DDoS and Web Application Attack Stats & Trends from stateoftheinternet.com

DDoS attacks are on the rise, according to the Q1 2015 State Of The Internet - Security Report, with Akamai reporting a record number of DDoS attacks recorded on the PLXrouted network – more than double the number reported in the first quarter of 2014. However, the profile of the typical attack has changed, with attackers favoring relatively low-bandwidth attacks (typically less than 10 Gbps) but long durations (typically more than 24 hours). Get the fast facts in this presentation, and then get all the details from the full Q1 2015 State of the Internet – Security report at http://bit.ly/1KfWTrG.

Cruel SQL Injection | Web Application Attacks | Summary

Malicious actors continue to deploy SQL injection (SQLi) attacks to carry out their cybercriminal activities. The Threat Research team at Akamai designed a technique to categorize these attacks by examining attack payloads and determining the intent behind each attack. They analyzed 8 million SQLi attacks over a seven-day study period from Akamai's Kona Site Defender web application firewall (WAF) and distilled the information, identifying the observed attacks and their goals, as well as pertinent attack stats from the study. This presentation offers a quick view of the results. Get more details in the full State of the Internet Security Report at http://bit.ly/1KfWTrG

deck

Slideshow: Q1 2015 Security Implications for IPv6 from StateoftheInternet.com

http://www.stateoftheinternet.com/resources-web-security-2015-q1-internet-security-report.html?utm_source=3rdParty.utm_medium=NationalPositions.utm_campaign=PRS-ARQ115-IPv6 As IPv4 exhaustion draws closer, more and more users are adopting IPv6. Despite many benefits of IPv6, the increase in address space creates new security vulnerabilities. Transition technologies that bridge IPv4 and IPv6 also have the potential to create security gaps. View this short presentation, and then get all the details from the full Q1 2015 State of the Internet – Security report at http://bit.ly/1fGly0N

Q4 2014 Security Report | Botnet Profiling Technique | Presentation

Using data from the Akamai Intelligent PlatformTM, Akamai has developed a new analysis technique for web application layer botnets. By locating WAF triggers related to both Remote File Inclusion attacks and OS Command Injection attacks, researchers used aggregated results to map multiple botnets operating in the studied time period.  Viewing the data in this manner yielded additional insight into the botnets and their respective capabilities. This presentation offers a summary of this technique as excerpted from the State of the Internet Q4 2014 Security Report. Watch this slideshow and then get more details at  http://bit.ly/1GEbAZ9

deck

Developers are employing bots, spiders and scrapers with increasing frequency to gather and utilize information gleaned from websites. Bots and scrapers can be divided into four categories, depending on desirability and aggressiveness. Knowing and understanding the different categories and how to mitigate the risks they pose is an important component of a web security strategy. Learn more about how to evaluate which bots to allow access to your company’s website in this summary presentation, and then download the full report at www.stateoftheinternet.com/security-reports

Q4 2014 Spotlight: Lizard Squad| Presentation

With repeated attacks of multiple TCP flags, Lizard Squad launched several attacks late in 2014 against an Akamai customer. View this presentation for the details of the attacks and their significance, then download the full quarterly security report at  www.stateoftheinternet.com/security-reports

Q4 2014 Web Security Report | Analysis and Emerging Trends | Summary

http://www.stateoftheinternet.com/security-cybersecurity-network-security.html Offering a concise and easy-to-read summary of the latest security stats, analysis and emerging trends from Q4 2014, this document gives a quick overview of the quarter’s security-related news. Covering valuable data on attack numbers, types and size, as well as source countries, attack vectors and targeted industries, this document also provides insight into some of the emerging trends, risks and challenges facing cyber security.

Shellshock (Bash bug) Vulnerability | DDoS Botnet | Presentation Slideshow

http://www.akamai.com/stateoftheinternet/ | Shellshock is a critical vulnerability in GNU Bash systems that allows attackers to infiltrate systems and using them to infect others, launch DDoS attacks, share sensitive data, and run programs. Learn how you can protect your computer and your sensitive information from this severe cybersecurity threat in this short slide presentation, then download the full threat advisory at: http://bit.ly/1wEUSkv

Q3 2014 Record-Breaking 321 Gbps DDoS Attack from StateoftheInternet.com

Longer attacks and more bandwidth consumption were a leading DDoS trend in Q3 2014. View this short presentation about a major DDoS attack campaign that exemplifies this DDoS trend, and then get all the details from the full Q3 2014 State of the Internet – Security report at http://bit.ly/1t7w6ts

Slideshow: Q3 2014 SSDP UPnP Devices DDoS Attacks from StateoftheInternet.com

Unmonitored routers, wearables and other Internet-enabled devices give cybercriminals a new means of DDoS attack. Learn how SSDP and UPnP protocols leave these devices open to abuse and find out what you can do to protect your organization. View this short presentation, and then get all the details from the full Q3 2014 State of the Internet – Security report at http://bit.ly/1t7w6ts

Spike Toolkit: A New DDoS Threat

http://stateoftheinternet.com/spike | Most botnets target just one kind of system. The Spike DDoS toolkit – the forefront of an Asian crimeware trend – targets not only Linux and Windows system, but takes aim at a new source of bots: Embedded systems. A never-before-seen payload threatens to infect routers, CPE equipment, and even Internet of Things appliances such as smart thermostats and washer/dryers. In this short, 10-slide presentation, learn what you need to know to protect your network: stateoftheinternet.com/spike

Yummba Webinject Tools Crimeware Threat

http://www.stateoftheinternet.com/ | Attackers have created a new threat to financial data integrity and bank fraud. Bank and financial institution customers whose personal machines have been infected with the Zeus cybercrime malware provide an appealing platform for further exploitation by Yummba webinject tools. Yummba’s robust toolkit allows malicious actors to steal customer data as well as their bank account funds. Learn how you can protect your customers and your business from this high-risk cybersecurity attack toolkit in this summary presentation: http://bit.ly/1GBWuUg

IptabLes and IptabLes DDoS Bot Threat

http://www.stateoftheinternet.com/security-cybersecurity-ddos-protection-ddos-mitigation.html | Unprotected Linux machines are vulnerable to a new cybercrime threat. Vulnerable servers can be infected with IptabLes and IptabLex bot malware, allowing malicious actors to remotely control those machines and use them to launch large-scale DDoS attacks. Learn how you can protect your computer and your network from this high-risk cybersecurity attack toolkit in this summary presentation, then download the full threat advisory at http://bit.ly/1Ct9B4b

Q3 2014 Cybersecurity Stats & Trends from StateoftheInternet.com

http://www.stateoftheinternet.com/security-cybersecurity-ddos-protection-ddos-mitigation.html | Record-setting attacks and giant leaps in bandwidth headed the DDoS trends for Q3 2014. View this short presentation, and then get all the details from the full report at http://bit.ly/1533Pvp

Slideshow: Q3 2014 Phishing Attacks Against Third-Party Content

http://www.stateoftheinternet.com/security-cybersecurity-ddos-protection-ddos-mitigation.html  A high-profile phishing campaign by the Syrian Electronic Army (SEA) illustrates the growing threat posed by phishing attacks. By targeting third-party content providers, SEA vandalized popular media websites. Learn about more about phishing attacks, how to prevent them and how to mitigate them in this short presentation, and then get all the details from the full Q3 2014 State of the Internet – Security report at http://bit.ly/1t7w6ts

Blackshades RAT: A Dangerous, Powerful Crimeware Kit Submission File Approved

http://www.stateoftheinternet.com/resources-web-security-threat-advisories-2014-blackshades-rat.html | The stealthy Blackshades Remote Access Tool makes it all too easy for malicious actors to infect computer with a powerful and multifeatured trojan. Once infected, attackers can monitor audio and video, look through webcams, capture screens, log keystrokes, and a wide variety of other dangerous features. Learn how you can protect your computer and your sensitive information from this severe cybersecurity threat in this short slide presentation.

SSDP Reflection Attacks | DDoS Threat Advisory | Excerpts

SSDP DDoS reflection attacks use plug-and-play devices to massively boost the power of a DDoS attack. The latest such attack, discovered in the summer of 2014 harnesses millions of unsecured network devices such as printers, routers, and smart TVs.  Read these excerpts for more, then download the full threat advisory atwww.stateoftheinternet.com/ssdp.