An insightful discussion with Akamai’s Fernando Serto, Head of Security Technology & Strategy and James Tin, Principal Enterprise Security Architect each working in the Asia Pacific & Japan region.
Following Fernando’s Summit presentation – ‘Securing the modern enterprise with a modern approach’, Fernando outlines Akamai’s enterprise security solutions, with a focus on secure application access. We also discuss the Akamai 2018 State of the Internet Report, dive into current trends around Web Proxy Auto-Discovery (WPAD), Distributed Denial of Service (DDoS) and enterprise security architecture requirements.
WPAD is a protocol that allows computers in a local network to automatically discover which web proxy they should use. The web proxy is defined through a JavaScript file called proxy auto-config (PAC). The risk posed by the WPAD protocol is that attackers can abuse it to discover the location of the PAC file on a local machine. With this information, attackers can then replace it with an “alternative” PAC file, which specifies a rogue web proxy address under the attacker’s control. When that occurs, all communication from the device can be intercepted and modified (including encrypted HTTPS traffic). In other words, WPAD opens the door for a Man-in-the-Middle attack.
2018 State of the Internet-Security Report highlights:
- The report analysed data from more than 14 trillion DNS queries collected by Akamai between September 2017 and February 2018 from communications service provider (CSP) networks around the world.
- “Javascript Cryptominers: A Shady Business Model” – Akamai observed two distinct business models for large-scale crypto-mining, one of them that uses code embedded into content sites that make devices that visit the site work for the cryptomine.
- Malware authors are branching out to the collection of social media logins in addition to financial information – Terdot, a branch of the Zeus botnet, creates a local proxy and enables attackers to perform cyber-espionage and promote fake news in the victim’s browser.
- The Lopai botnet is an example of how botnet authors are creating more flexible tools – This mobile malware mainly targets Android devices and uses a modular approach that allows owners to create updates with new capabilities.
Recorded at the Cyber Threat Intelligence Summit 2018, Grace Hotel, Sydney 3 May 2018 #CTI2018