Each year at Akamai Edge we update customers on some of the more persistent threats we’ve dealt with in the 12 months prior. Slides detailing the 2013 threat picture are available here. For an idea of what we’ll be sharing at Edge 2014 in a couple weeks, I’ve assembled this primer.
Web Vulnerabilities: Low-Hanging Fruit for DDoSers
About a new Akamai PLXsert whitepaper released last week: “Web Vulnerabilities: The foundation of the most sophisticated DDoS campaigns.”
David Fernandez, head of our Prolexic Security Engineering Research Team (PLXsert), offers additional details on the countermeasures regarding the Linux DDoS threat.
Linux Systems Exploited for DDoS Attacks
Linux users have a new threat to worry about. According to Akamai’s Prolexic Security Engineering Research Team (PLXsert), the bad guys have discovered a weakness in Linux systems they can exploit to expand their botnets and launch DDoS attacks.
On Wednesday, 2014-08-06, the OpenSSL Project disclosed nine low- and moderate-severity vulnerabilities, with details published here. These are vulnerabilities that can potentially impact OpenSSL clients and servers worldwide.
Hackers “Join” World Cup 2014 Matches on the Web
George Orwell once said, “International football is the continuation of war by other means.” As we will demonstrate in this post, Mr. Orwell was spot-on: according to statistics on web application layer attacks collected by Akamai’s Cloud Security Intelligence platform, the 2014 World Cup soccer matches spurred sophisticated cyber attacks between soccer-fan hackers of competing sides.
Highlights of Prolexic Attack Report for Q2 2014
As attacks go, the second quarter of 2014 was quieter than the first. But when you compare the numbers to this time last year, that’s of little comfort. According to Prolexic’s newly-released attack report for Q2 2014, the rate of DDoS attacks rose 22 percent over the second quarter of 2013.
Blackshades RAT is a Serious Threat
Akamai’s Prolexic Security Engineering & Research Team (PLXsert) is warning companies of stealth surveillance and computer hijacking attacks by the Blackshades Remote Administration Tool (RAT) crimeware kit.
State of the Internet: Fewer Attacks Than Previous Quarter
The latest Akamai State of the Internet Report is out. Here’s a look at what we saw on the security front in the first quarter of 2014.
Anonymous Continues Targeting World Cup
In which we monitored attempts by Anonymous and others to cause Internet disruptions during the World Cup. Here’s how those attacks are playing out in the media.
World Cup 2014 Attack Targets
Attack targets were under the gun as soon as the World Cup started.
Threat Advisory: High-Risk Zeus Crimeware Kit
Akamai’s PLXsert team has discovered new payloads from the Zeus crimeware kit in the wild, deeming it “high risk” in an advisory.
Fresh Wave of Online Extortion Attacks Underway
Akamai CSIRT has identified a trend in online extortion that has the potential to impact customer websites and their users.
OpenSSL vulnerability (CVE-2014-0224)
The OpenSSL Project disclosed new vulnerabilities in the widely-used OpenSSL library. These are vulnerabilities that can potentially impact OpenSSL clients and servers worldwide.
PLXsert Eyes Spike in SNMP Reflection DDoS Attacks
Akamai’s Prolexic Security Engineering Response Team (PLXsert) has seen a significant resurgence in the use of Simple Network Management Protocol (SNMP) reflection attacks this past month.
The Brittleness of the SSL/TLS Certificate System
Despite the time and inconvenience caused to the industry by Heartbleed, its impact does provide some impetus for examining the underlying certificate hierarchy. (As an historical example, in the wake of CA certificate misissuances, the industry looked at one set of flaws: how any one of the many trusted CAs can issue certificates for any site, even if the owner of that site hasn’t requested them to do so; that link is also a quick primer on the certificate hierarchy.)
Podcast: CSO Andy Ellis on Heartbleed
By now, most of you are aware of the Heartbleed vulnerability that sent shockwaves through the tech industry. Like many of you, Akamai had to work overtime to ensure our customers were protected. We did that, but as is the case with any large security threat, we continue to be vigilant and, while letting everyone know what we did to keep them secure, we’re looking back at the lessons learned and how to turn it into even better security going forward. The details in this episode are not new, as CSO Andy Ellis has blogged at length about it. I’ve included those links below. But with so many of us working overtime to address Heartbleed, this was my first opportunity to sit down with Andy and discuss it.
FIFA World Cup 2014 was one of the largest multimedia sporting events in history. In-person attendance was estimated at more than three and a half million while hundreds of millions of viewers tuned in via TV, Internet, and radio. Akamai’s online traffic statistics estimate this year’s event to be ten times larger than the 2010 World Cup in South Africa, and two and a half times larger than the Sochi Winter Olympics. In my role as Akamai’s Senior Director of Environmental Sustainability I was curious about the carbon footprint of such a large event, and how digital and analog attendance compared.
Turns out, FIFA has a green side beyond its soccer fields. In a concerted effort to reduce the environmental impact of staging the World Cup it developed the 2014 FIFA World Cup™ Sustainability Strategy. As part of that strategy FIFA calculated the carbon footprint of the six-week-long tournament including construction and operations of the match stadiums and FIFA Fan Fest venues, and team and spectator travel and accommodations. It was estimated at 2.5 million metric tons CO2 equivalent. That’s the equivalent of driving a U.S. car 7.4 billion miles or flying 9.2 billion miles, a fitting analogy since international and inter-/intra-city transportation represented 84% of the 2.5 million.
Source: Summary of the 2014 FIFA World Cup Brazil Carbon Footprint
Certainly there would be no World Cup without stadiums to play in and teams to compete. And it wouldn’t be nearly as exhilarating without the frenzied fans cheering from the stands. But what is the carbon impact of bringing the World Cup to more than one hundred million online viewers around the world, tuning in using all manner of connected devices such as smart phones and tablets? Akamai supported live streaming for all 64 matches for more than 50 rights-holding customers reaching over 80 countries, providing us with unique insight into online activity. By tracking the fraction of our network used to stream the matches in each geographic region and overlaying the associated energy consumption and carbon emissions, we were able to estimate the carbon footprint of the server and data center component of online viewing at a lean 100 metric tons CO2 equivalent.
Achieving these impressive results for such a long-term and broadly viewed event is a testament to Akamai’s commitment to reducing our operational impacts. As a result of our efforts to innovate around network productivity and efficiency, our absolute energy consumption and greenhouse gas emissions have decoupled from our network traffic growth, flattening even as our traffic continues to grow exponentially. The digital story doesn’t end here, though.
A recent study by researchers at Lawrence Berkeley National Laboratory and Northwestern University assessed that the server and data center portion of streaming represents only an astonishing 1% of the total energy and carbon footprint. The balance is attributed to end user last mile and devices, e.g., cable/DSL, modem, wireless router, tablet, computer and monitor, bringing the World Cup’s total digital footprint to 100,000 metric tons CO2e. If we compare just the World Cup attendee portion of the footprint, accounting for travel and accommodations, digital spectatorship is about twenty times more carbon-efficient than being there. And, you get the added benefit of the best seat in the house for every match!
The news is good all around. The Internet, with Akamai’s help, has broadened the accessibility of popular sporting events to people anywhere with Internet connectivity, on any device. Online viewing is much more carbon-efficient than attending in person. And with Akamai’s high-definition anywhere on-any-device streaming, you can enjoy players-in-your-living-room-quality coverage every game.
The 2014 FIFA World Cup soccer tournament took the world by storm. Diehard soccer fans and newbies alike kept an eye on the matches day-in and day-out, at work and at home. The soccer-hungry audience searched for real time updates throughout the month-long tournament. They needed to know what happened on the pitch, and they wanted that info immediately.
Chances are, if you were looking for up-to-date futbol data, you went to a site embedded with an infoplum AFP responsive HTML5 application. A real-time application by infoplum AFP provided updates on scores, highlights, news, pictures, advanced statistics, profiles, predictive data and even 3D footage of goals, exactly what the sports world collectively craved throughout the World Cup. And infoplum AFP relied on Rackspace Cloud Sites to stay up and running throughout the record-breaking traffic the tournament drove.
On the day before the opening ceremonies, the Cloud Sites team saw traffic from the infoplum application reach more than 6 million hits per hour, which is roughly 1,736 hits per second, a mind-blowing sum, especially considering it was well before the whistle blew to start the first match.
“This was by far the biggest event we have had. Cloud Sites was fundamental to the success of this event,” infoplum technical director Trevor George explained.
For this particular FIFA event, infoplum collaborated with Agence France-Presse (AFP) to serve live coverage (data and editorial) on all World Cup matches. This particular application was embedded on 161 websites, which were served to a worldwide audience in more than 20 countries and in more than 15 languages throughout the entire 32-day global soccer phenomenon. This resulted in an astonishing total of 4.1 billion (yes, billion) web requests. That’s 153 million hits per day and over 100 million pageviews.
infoplum, which was launched as Cadability in 1990, has been a loyal Cloud Sites customer since October 2008, when Cloud Sites was still called by its original name, Mosso. Well before the World Cup started and the traffic deluge began, infoplum alerted its Cloud Sites team. The Cloud Sites operations team has expertise in preparing customers and their sites for high traffic events.
“The scalability at Cloud Sites has always been there. So I was confident Cloud Sites could handle it,” George said.
For this particular event, the Cloud Sites ops team ensured enough nodes were configured in the high capacity cluster for the expected load. Then the Cloud Sites specialists configured the load balancers to have streamlined routes, including dedicated IP addresses to the high capacity cluster.
“Cloud Sites support jumped in 110 percent, actively monitoring performance,” George noted. “There are actual people you could talk to, not just an email.”
Throughout the entire month, Rackspace engineers closely monitored infoplum’s environment and made any necessary adjustments to ensure the smoothest high traffic event possible.
Congratulations to our dear friends from Australia, infoplum, on an impressive high traffic event, and to the experts of the Rackspace Cloud Sites team for handling its highest super spike in Cloud Sites history.
Learn more about how Cloud Sites can rise to the occasion of any super spike.
Photo by Christopher Franko
Remember how fun the World Cup was? You can remember it again in this Adidas ad, which features a new song called “Velcro” that plays as Argentinean soccer star Lionel Messi bobs, weaves, and kicks his way through the streets of Barcelona. “Velcro” is from Rustie’s forthcoming album, Green Language, which is out August 26 via Warp. Best New Music and Best New National Pastime, a match made in heaven. Watch it below.
VISTA Worldlink, leader in transmission services including satellite, mobile, fiber optics and streaming services unveiled their new Master Control …
A new report from Needham & Co. argues that digital video, driven by viewing … She notes, for example, that World Cup streaming added 12% to TV …