The Akamai Blog

Continuing with our research into CVE-2021-44228, Akamai has previously written about what the vulnerability is and given recommendations on how to go beyond patching for extra protection. Across the Akamai network, we see traffic from 1.3 billion unique devices daily, with record traffic of 182 Tbps. The threat research team has been investigating this traffic to gain deeper insights into how this vulnerability is being exploited. We want to share more technical findings and what they mean for threat hunters. Here are some implications for defenders and threat hunters to consider

Our new normal has ushered in the advent of hybrid events — a mix of in-person and virtual events. This has made seamless live streaming with active participation of the audience, both live and remote, more important than ever. Amsterdam-headquartered company Livery is an end-to-end SaaS solution running on the Akamai content distribution network (CDN), which is perfectly suited for interactive sports, interactive learning, and live commerce productions. We’re delighted that they have chosen to work with us to deliver the experience their clients have come to love.

Magecart skimmers are here to stay, and they’re becoming more sophisticated, more creative, and harder to detect. In this post, we reveal a new skimmer infrastructure that targets ecommerce sites all over the world with advanced methods of detection evasion and obfuscation.

Akamai has been monitoring the rapidly evolving developments of CVE-2021-44228. We have been working closely with our customers and internal application teams to mitigate the risks posed by the threat of unauthorized remote code execution. This includes deploying an update to our existing Apache WAF rules to include mitigation for this Zero Day CVE, and updating the Log4j library to version 2.15.0 or later.

See how Akamai helped open-source logging library Log4j fight against a critical unauthenticated remote code execution (RCE) vulnerability and reduce customer exposure.

We’re proud to announce the 1.0 release of the Property Manager extension to Visual Studio Code and Eclipse. With the new Property Manager extension, you can edit and validate Property Manager API (PAPI) JSON rule trees right from your integrated development environment (IDE). It allows you to make and validate critical changes to your configuration closer to your DevOps environment. Once you've updated and validated the configuration file in your IDE, you can easily push it back to the platform with PAPI or Akamai command-line interface (CLI).

One aspect of resilience on the internet is that things — notably servers and resources — move around. Sometimes moves are legitimate, such as when a popular site evolves from hosting their own website to moving to a cloud provider to using a CDN to handle the ever-increasing traffic. Sometimes the moves are not legitimate, such as when an attacker pretends to be an ecommerce or banking site and steals a user’s credentials upon login. How can the end user tell the difference between legitimate and not-so-legitimate moves?

What a year 2021 has been. Even as the world continues to re-open to various degrees, we’re still feeling the impact from 2020’s move to an almost completely virtual world. Many large companies are shifting to a hybrid model, mixing the ability to work from home with working in the office. Some are even offering their employees the opportunity to work remotely indefinitely. There is no denying that the way we work, bank, play, and relax has been impacted by COVID-19. Shouting “pivot” may have shot into popular culture in the TV show Friends, but it’s a rallying cry that’s been revived in the 2020s by businesses, individuals, and criminals alike.

What a year 2021 has been. Even as the world continues to re-open to various degrees, we?re still feeling the impact from 2020?s move to an almost completely virtual world. Many large companies are shifting to a hybrid model, mixing the ability to work from home with working in the office. Some are even offering their employees the opportunity to work remotely indefinitely. There is no denying that the way we work, bank, play, and relax has been impacted by COVID-19. Shouting ?pivot? may have shot into popular culture in the TV show Friends, but it?s a rallying cry that?s been revived in the 2020s by businesses, individuals, and criminals alike.

Wedia makes it possible for some of the world’s biggest companies to effectively manage, customize, and deliver their marketing assets. Akamai is delighted that this fantastic brand has chosen us to deliver a rich and engaging web experience for its customers while also ensuring the highest level of security for the great array of multimedia assets stored on their platform by a number of Fortune 500 companies.

Online retail traffic that Akamai delivered during Cyber Monday was up 5% globally compared to Cyber Monday 2020 and 31% compared to average Monday traffic.

Akamai was founded to give the brightest minds somewhere to grow – and by surrounding ourselves with supportive individuals and an open culture, we can all bring our best, every day. It’s for this reason that our commitment to inclusion, diversity, and engagement is a key cornerstone of how we operate. Not as an objective or goal to be achieved, but as a journey of continuous learning and improvement that we can all benefit from, individually and collectively.

Online retail traffic that Akamai delivered during Black Friday was up 2% globally compared to Black Friday 2020 and 14% compared to average Friday retail traffic. The modest year-over-year increase can be attributed to the significant rise in 2020 traffic due to COVID-19–related lockdowns and restrictions that kept many shoppers out of physical stores.

We are pleased to announce that DataStream 2 is now available for all our customers. DataStream 2 provides customers with detailed log data from requests on the Akamai Intelligent Edge Platform within minutes. DataStream 2 gives customers unparalleled visibility into events at the Akamai edge and puts developers first by empowering them with the data needed to support critical operations.

Encouraging and supporting open discussions about disability and mental health at work. We define disability as a condition that affects everyday activities — physically, cognitively, and/or neurologically. In Reach helps the Akamai community understand what disability means in the workplace. As a team, we also ensure disabled colleagues have the support they need to thrive – so that success is always "in reach."

Do you remember the first time you made an online purchase? Me neither. I’ve made so many online purchases over the years, and I’ve probably made more in the past 18 months than in the past 5 years combined.

Anyone running a business is likely familiar with the phrase “building the plane as you’re flying it.” And through the craziness of the past 19 months, many of us lived the phrase, becoming pilots and engineers of our new realities overnight.

Here’s what I know: My personal email has been “pwned” or stolen at least 18 times. Here’s what I don’t know: if any of the times I have been unable to log in to one of my OTT subscription services was due to my kids sharing our credentials or because of an account takeover — that kill chain that starts with harvesting stolen username/password combinations and then testing them via a credential stuffing attack.