The Akamai Blog

Ransomware attacks increased by over 150% in 2020. As criminals find new ways to attack networks and systems, protect work-from-home employees with Akamai.

November is here. Now it’s crunch time. Hopefully, implementing the solutions in parts one through three of this series has kept you busy over the last few months. In those articles, we covered security, flash crowd management, disaster recovery, and performance optimization checklists. If you are not in a code freeze yet, work with your Akamai account team to review the content to determine what features you still have time to enable.

Organizations must deploy a remote working strategy that suits the office anywhere model CIOs need to demonstrate leadership as we move out of lockdown into a new model of working in which the office is wherever the employee is. It’s time to build on this initial success and embed a remote working strategy within organizations.

During the pandemic, it was reassuring to see businesses demonstrating resilience and enabling remote working for their employees — in some cases, practically overnight. As businesses slowly reopen their doors, it is clear that many things have changed, key amongst them the increasing risks to the enterprise network as more work is carried out from mobile devices.

For decades, Akamai has been focused on solving tough problems for our customers. We started by addressing the challenges of the “World Wide Wait,” and quickly started to leverage our edge network’s scale, proximity to users, and expert operations staff to mitigate security threats for our customers. Today, Akamai has category-leading solutions including DDoS, web app and API protection, bot management, and Zero Trust Network Access. Given the incredible surge in ransomware attacks, we are excited to be adding Zero Trust segmentation to our portfolio through the acquisition of Guardicore.

Last year, Akamai released research on obfuscation techniques being used by cybercriminals to create malicious JavaScript. The code is unreadable, un-debuggable, and as a result, much more challenging to analyze and detect.

Microsoft Bing today announced the rollout of IndexNow, a new protocol designed in conjunction with Yandex that can allow “websites to easily notify search engines whenever their website content is created, updated, or deleted.” The goal is to reduce the amount of time it takes for search engines to discover and index website changes — a process often measured in days and even weeks — to mitigate traffic loss and the potential adverse effects on customers and even revenues.

Akamai mPulse is a real user monitoring solution, providing detailed information about the user experiences delivered by your web applications. mPulse can be configured within your Akamai property to automatically start collecting data from your customer visits. This initial setup will gather the data required to use advanced features in Adaptive Acceleration such as Script Manager, Automatic Server Push, and Automatic Preconnect.

Breaking news: we just completed an 850-user pilot with Akamai MFA. In this blog, the first in a series, I’ll explain why we switched to Akamai MFA, how we ran our pilot, and employee feedback so far. Check back for my next blog, when we’re midway through our global deployment. A burglar checks for open windows. Neglecting to lock just one is like leaving the door wide open. In the same way, cyber attackers look for the easiest user accounts to take over — whether that’s network access credentials, email, on-premise applications, or cloud/SaaS applications. If they’re lucky, they can also use the stolen credentials to breach other systems, an action known as lateral movement.

On September 29, Ash Daulton, along with the cPanel Security Team, reported a path traversal and file disclosure vulnerability in Apache HTTP Server 2.4.29 to the Apache security team. The issue was fixed within two days, under CVE-2021-41773, and the patch was released on October 4. Apache urged to deploy the fix, as it is already being actively exploited.

Every day, Akamai’s Threat Research team tracks and mitigates phishing attack campaigns to help keep our customers — and their reputations — protected. Recently, they tracked an orchestrated attack campaign comprising more than 9,000 domains and subdomains, mainly targeting victims located in China. The phishing scam was abusing more than 15 high-profile and trusted brands spanning ecommerce, travel, and food & beverage industries. By using well-known brand names, the threat actors attempted to engage victims to participate in a quiz that, once completed, would result in winning an attractive prize. Akamai refers to this malicious modus operandi as a “question quiz” phishing attack campaign.

DDoS and AppSec attacks impacting the ANZ region (Australia and New Zealand) have been in the headlines of late, with several high profile companies seeing prolonged outages and leading to speculation as to whether the region is being specifically targeted? Let’s take a closer look at the types of attack vectors and malicious activity we’ve seen focused on customers down under.

Think how many websites you visit or videos you stream. Do you check your bank account or transfer money, download apps, play music, share updates on social media, or use the internet for any of the thousands of other digital experiences it enables every day?

A lot has already been written about the Facebook outage earlier this week. In case you missed it (if that’s possible), Facebook, Facebook Messenger, Instagram, and WhatsApp were all down for several hours on Monday. Facebook provided an update on the cause of the outage late Monday, citing a configuration change on their backbone routers as the root cause, with additional details in a subsequent blog post.

Understand why it's important to refine your organization’s approach. See how to enact a security model that protects your business and enables growth.

As I took on the role of Chief Marketing Officer of Akamai earlier this year, I set out to inspire and challenge our teams to build an impactful global campaign that showcases not just what we do, but what we make possible. What quickly became clear is that to be authentic in talking about what we make possible, we first needed to get crystal clear on our why — WHY our company exists, and what our greater impact on the world is.

October is here, and that means we are less than two months away from the busiest weekend of the year. Parts one and two of the Holiday Readiness blog series covered topics ranging from security checklists to disaster recovery strategies and flash crowd management. If you haven’t had a chance to review those topics and checklists, now is a critical time to start to ensure you are ready for the traffic rush the holiday season brings.

This post covers the details of CVE-2021-40683 (CVSS 6.5), the vulnerability impacting the Akamai Enterprise Application Access (EAA) Client running on Windows systems, for which Akamai has provided a patch to its customers.

Ransomware is everywhere. And the shift of workloads to the cloud and employees to work-from-home models has only expanded the attack surface, creating new opportunities for attackers to leverage. Companies need Zero Trust solutions that not only defend against threat actors gaining access to enterprise systems, but also mitigate the impact of infections that slip through the cracks.

What do hay storage, Akamai’s Edge Connect solution, and machine learning have in common? We use the serverless machine learning system to keep our hay storage safe and secure.