Cybersecurity researchers say these were the major internet security events of 2019
Numerous incidents of data breaches and privacy scandals are reported on a daily basis around the world. Globally, India ranks six as a source area for ‘Application Attacks’, whereas it ranks four as a ‘Credential Abuse’ attack source. Hence, there is a greater need for security professionals to work behind the scenes to fend off vulnerabilities, bots, and other threats. Akamai’s State of the Internet/Security (SOTI) report covers a wide range of security issues from DDoS, application attacks and phishing to credential stuffing, gaming abuse and attacks on financial services. As a global group of researchers, Akamai believes in the value of research and publication. The SOTI report and its research are excellent marketing materials. This research has also helped Akamai in building its reputation as a security company. Based on data gathered from the Akamai Intelligent Edge Platform the report provides expert insights on the cloud security and web performance landscape.
Here are the highlights from the past 12 months
October 2018
For the month of October, Akamai addressed how data breach is affecting millions of people on Facebook followed by a blog post on the security response headers and why business leaders and security managers should care about them. Larry Cashdollar from Akamai Technologies published a blog describing phishing websites - how they are used, and ways through which users can protect themselves. He also wrote a blog reporting the vulnerability surrounding jQuery file upload which had the potential to affect 7,800 projects.
November 2018
Akamai published a blog discussing third-party vulnerability assessments on the Akamai Intelligent Edge Platform and the existence of false-positive results that could lead to confusion. It was followed by an in-depth report on steps to take to protect yourself from Magecart attacks, and a detailed look into a phishing scam with 78 different variations.
December 2018/January 2019
DDoS and Application Attacks
- Experts in Akamai’s SOCC saw 4 billion requests impact a major website and dug into the real cause
- Akamai took a deep dive into the topic of retail bots and how All-in-One (AIO) applications can seriously impact online sales and promotions. Bots are big money for attackers, and they’re constantly evolving to circumvent new defenses. One attacker offered 15,000 USD in his search for developers with experience in targeting specific company defenses
February 2019
Retail Attacks and API Traffic
- Akamai observed 10 billion credential stuffing attempts against the retail sector between May and December 2018. The report also dug into AIO bots in the retail sector, API security, and potential IPv6 problems. An analysis of Akamai’s ESSL network revealed an 83 per cent to 17 per cent split between API and HTML traffic on its secure content delivery network (CDN)
March/April 2019
Credential Stuffing — Attacks and Economies
- This special edition of the SOTI report mentioned that three of the largest credential stuffing attacks against streaming services in 2018, which ranged in size from 133 million to 200 million attempts, took place soon after data breaches were reported, meaning the attackers were trying to take advantage of newly obtained credentials
May/June 2019
Web Attacks and Gaming Abuse
- This edition of the SOTI report focused on gaming and the criminal economy behind it
- Akamai observed 55 billion credential stuffing attacks over 17 months, and 12 billion of them were aimed directly at the gaming industry
- SQLi is the top threat when it comes to web application risks, accounting for nearly two-thirds of all attacks
July 2019
Financial Services Attack Economy
- This edition of the SOTI report explored how the attacks and tools being used against financial services are part of a larger, more complex ecosystem. The report looked inside criminal markets and examined how they target financial organizations, as well as what happens after a successful attack
August/September 2019
Media Under Assault
- From January 2018 until June 2019, Akamai recorded more than 61 billion credential stuffing attempts and more than 4 billion web application attacks
- This edition of the SOTI report followed up on the credential stuffing activities, with a detailed look at how they impact media and technology companies
Phishing: Baiting the Hook
- This edition of the SOTI report focused on data from Akamai’s own internal tracking on phishing attempts that targeted its employees
- According to Akamai’s monitoring, High technology is the top industry targeted by phishing. Microsoft, PayPal, DHL, Dropbox, DocuSign, and LinkedIn are all top targets for phishing attempts
--Press Release--