Akamai Technologies, Inc.

AKAM

US00971T1016

IT Services & Consulting

Real-time Estimate Cboe BZX Other stock markets 03:48:09 2024-04-23 pm EDT			5-day change	1st Jan Change
101.7 ^USD	+0.84%		+0.66%	-13.81%

Apr. 18	Corero expands product portfolio with launch of hybrid solution	AN
Apr. 18	Corero Network Security plc Launches DDos Cloud-Backup Service Powered by Akamai Technologies	CI

Akamai Technologies : XOR DDoS Botnet Launching 20 Attacks a Day From Compromised Linux Machines, Says Akamai

September 29, 2015 at 06:31 am EDT

CAMBRIDGE, Mass., Sept. 29, 2015 /PRNewswire/ --


    --  New threat advisory profiles several recent attack campaigns from the
        XOR DDoS botnet
    --  The XOR DDoS botnet has grown and is now capable of mega DDoS attacks of
        150+ Gbps
    --  90% of the DDoS attacks from the XOR DDoS botnet targeted organizations
        in Asia

Akamai Technologies, Inc. (NASDAQ: AKAM), the global leader in content delivery network (CDN) services, published today a new cybersecurity threat advisory from the company's Security Intelligence Response Team (SIRT). Attackers have developed a botnet capable of 150+ gigabit-per-second (Gbps) distributed denial of service (DDoS) attack campaigns using XOR DDoS, a Trojan malware used to hijack Linux systems. The advisory detailing this threat in full, including DDoS mitigation payload analysis and malware removal information, is available for download here at http://www.stateoftheinternet.com/xorddos.

http://photos.prnewswire.com/prnvar/20100225/AKAMAILOGO

What is XOR DDoS?

XOR DDoS is a Trojan malware that infects Linux systems, instructing them to launch DDoS attacks on demand by a remote attacker. Initially, attackers gain access by brute force attacks to discover the password to Secure Shell services on a Linux machine. Once login has been acquired, the attackers use root privileges to run a Bash shell script that downloads and executes the malicious binary.

"Over the past year, the XOR DDoS botnet has grown and is now capable of being used to launch huge DDoS attacks," said Stuart Scholly, senior vice president and general manager, Security Business Unit, Akamai. "XOR DDoS is an example of attackers switching focus and building botnets using compromised Linux systems to launch DDoS attacks. This happens much more frequently now than in the past, when Windows machines were the primary targets for DDoS malware."

XOR DDoS Denial of Service Attacks

Akamai SIRT's research showed that the bandwidth of DDoS attacks coming from the XOR DDoS botnet ranged from low, single-digit Gbps to 150+ Gbps - an extremely large attack size. The most frequent target was the gaming sector, followed by educational institutions. The botnet attacks up to 20 targets per day, 90% of which were in Asia. Of the DDoS attacks from the XOR DDoS botnet Akamai has mitigated, several examples documented on August 22-23 are profiled in the threat advisory. One of the attacks was nearly 179 Gbps, and the other was almost 109 Gpbs. Two attack vectors were observed: SYN and DNS floods.

The IP address of the bot is sometimes spoofed, but not always. The attacks observed in the DDoS campaigns against Akamai customers were a mix of spoofed and non-spoofed attack traffic. Spoofed IP addresses are generated such that they appear to come from the same /24 or /16 address space as the infected host. A spoofing technique where only the third or fourth octet of the IP address is altered is used to prevent Internet Service Providers (ISPs) from blocking the spoofed traffic on Unicast Reverse Path Forwarding (uRPF)-protected networks.

DDoS mitigation of XOR DDoS attacks

Identifiable static characteristics were observed, including initial TTL value, TCP window size, and TCP header options. Payload signatures such as these can aid in DDoS mitigation. These are available in the threat advisory. In addition, tcpdump filters are provided to match SYN flood attack traffic generated by this botnet.

How to detect and remove XOR DDoS malware

The presence of XOR DDoS can be detected in two ways. To detect this botnet in a network, look for communications between a bot and its C2 using a Snort rule provided in the advisory. To detect infection of this malware on a Linux host, the advisory includes a YARA rule that pattern matches strings observed in the binary.

XOR DDoS is persistent - it runs processes that will reinstall the malicious files if they are deleted. Therefore removing the XOR DDoS malware is a four-step process for which several scripts are provided in the advisory:


    1. Identify the malicious files in two directories.
    2. Identify the processes that promote persistence of the main process.
    3. Kill the malicious processes.
    4. Delete the malicious files.

Akamai continues to monitor ongoing campaigns using XOR DDoS to launch DDoS attacks. To learn more about the threat, malware removal and DDoS mitigation techniques, please download a complimentary copy of the threat advisory at www.stateoftheinternet.com/xorddos.

About Akamai Security Intelligence Response Team (SIRT)

Focused on mitigating malicious global cyber threats and vulnerabilities, the Akamai Security Intelligence Response Team (SIRT) conducts and shares digital forensics and post-event analysis with the security community to proactively protect against threats and attacks. As part of its mission, the Akamai SIRT maintains close contact with peer organizations around the world and trains Akamai's Professional Services and Customer Care teams to both recognize and counter attacks from a wide range of adversaries. The research performed by the Akamai SIRT helps to ensure Akamai's cloud security products are best of breed and can protect against any of the latest application layer threats impacting the industry.

About Akamai

As the global leader in Content Delivery Network (CDN) services, Akamai makes the Internet fast, reliable and secure for its customers. The company's advanced web performance, mobile performance, cloud security and media delivery solutions are revolutionizing how businesses optimize consumer, enterprise and entertainment experiences for any device, anywhere. To learn how Akamai solutions and its team of Internet experts are helping businesses move faster forward, please visit www.akamai.com or blogs.akamai.com, and follow @Akamai on Twitter.

Logo - http://photos.prnewswire.com/prnh/20100225/AKAMAILOGO




    Contacts:

    Rob Morton                Tom Barth

    Media Relations           Investor Relations

    617-444-3641       --or-- 617-274-7130

    rmorton@akamai.com        tbarth@akamai.com

To view the original version on PR Newswire, visit:http://www.prnewswire.com/news-releases/xor-ddos-botnet-launching-20-attacks-a-day-from-compromised-linux-machines-says-akamai-300150442.html

SOURCE Akamai Technologies, Inc.

Latest news about Akamai Technologies, Inc.

Corero expands product portfolio with launch of hybrid solution	Apr. 18	AN
Corero Network Security plc Launches DDos Cloud-Backup Service Powered by Akamai Technologies	Apr. 18	CI
Akamai Technologies Rolls Out New Cloud-Based Offering for Video Processing Optimization	Apr. 15	MT
Akamai Technologies, Inc Adds New Media-Optimized Offering Based on NVIDIA GPUs to its Growing Cloud Portfolio	Apr. 15	CI
Akamai Expands Offerings in Hybrid DNS Infrastructure Security with Shield NS53	Apr. 09	CI
Akamai Technologies Inc Files a Definitive Proxy Statement	Mar. 28	CI
EARNINGS: Mosman loss wider on production fail; PipeHawk "optimistic"	Mar. 27	AN
Akamai Technologies Insider Sold Shares Worth $1,575,233, According to a Recent SEC Filing	Mar. 22	MT
Akamai Technologies Insider Sold Shares Worth $908,734, According to a Recent SEC Filing	Mar. 19	MT
Akamai Technologies Insider Sold Shares Worth $432,360, According to a Recent SEC Filing	Mar. 19	MT
Akamai Technologies Insider Sold Shares Worth $489,285, According to a Recent SEC Filing	Mar. 15	MT
Akamai Technologies Insider Sold Shares Worth $514,168, According to a Recent SEC Filing	Mar. 12	MT
Akamai Technologies Insider Sold Shares Worth $1,210,769, According to a Recent SEC Filing	Mar. 12	MT
Akamai Technologies, Neural Magic Partner to Deploy Deep Learning AI	Mar. 12	MT
Akamai and Neural Magic Partner to Accelerate Deep Learning Ai	Mar. 12	CI
Akamai Technologies Insider Sold Shares Worth $2,441,394, According to a Recent SEC Filing	Mar. 08	MT
North American Morning Briefing : Stock Futures -2-	Mar. 08	DJ
Akamai Technologies Shares Rise Following Baird Upgrade	Mar. 07	MT
Good signals from central banks	Mar. 07
Baird Upgrades Akamai Technologies to Outperform From Neutral, Raises Price Target to $135 From $128	Mar. 07	MT
ANALYST RECOMMENDATIONS : AMD, Micron Technology, Snowflake, Zoom, Okta...	Mar. 07
Akamai Technologies Insider Sold Shares Worth $1,293,702, According to a Recent SEC Filing	Mar. 06	MT
Akamai Technologies Insider Sold Shares Worth $678,063, According to a Recent SEC Filing	Mar. 06	MT
Transcript : Akamai Technologies, Inc. Presents at 45th Annual Raymond James Institutional Investors Conference 2024, Mar-06-2024 09:15 AM	Mar. 06
Akamai Technologies Insider Sold Shares Worth $663,600, According to a Recent SEC Filing	Mar. 05	MT

Chart Akamai Technologies, Inc.

Duration

Period

More charts

Company Profile

Akamai Technologies, Inc. is the world's No. 1 supplier of Internet applications and content distribution acceleration services. The activity is organized primarily around 3 areas: - content distribution: transmission, storage, and management of data flows, media content, electronic applications, etc.; - development of applications on Internet sites: applications for recording user visits to sites, research, etc.; - other: data management, distribution control, application performance measurement, secure content transmission, etc. At the end of 2023, the group had a platform of more than 350,000 servers interconnected to more than 1,300 Internet access supplier networks worldwide. The United States account for 51.7% of net sales.

Sector

IT Services & Consulting

Calendar

2024-05-09 - Q1 2024 Earnings Release

Related indices

S&P 500

More about the company

Income Statement Evolution

More financial data

Analysis / Opinion

Akamai CEO Tom Leighton moves away from legacy business

February 14, 2024 at 02:26 pm EST

More Strategies

Ratings for Akamai Technologies, Inc.

Trading Rating

Investor Rating

ESG Refinitiv

B+

More Ratings

Analysts' Consensus

Sell

Buy

Mean consensus

OUTPERFORM

Number of Analysts

Last Close Price

100.9 USD

Average target price

127.2 USD

Spread / Average Target

+26.08%

Consensus

EPS Revisions

Estimates Revisions

Quarterly earnings - Rate of surprise

Company calendar

Sector Other IT Services & Consulting

	1st Jan change	Capi.
AKAMAI TECHNOLOGIES, INC.	-13.81%	15.46B
ACCENTURE PLC	-9.68%	200B
TATA CONSULTANCY SERVICES LTD.	+2.14%	168B
IBM	+11.93%	167B
AUTOMATIC DATA PROCESSING, INC.	+6.06%	101B
RELX PLC	+8.17%	77.28B
INFOSYS LIMITED	-6.51%	71.13B
CROWDSTRIKE HOLDINGS, INC.	+17.89%	69.94B
SNOWFLAKE INC.	-23.74%	49.16B
HCL TECHNOLOGIES LIMITED	+1.40%	47.6B

Other IT Services & Consulting

Akamai Technologies, Inc.

Equities

AKAM

US00971T1016

IT Services & Consulting

Akamai Technologies : XOR DDoS Botnet Launching 20 Attacks a Day From Compromised Linux Machines, Says Akamai

EPS Revisions