From scmagazine.com
Akamai observed attackers using a technique dubbed, Cipher Stunting, or using advanced methods to randomize SSL/TLS signatures in an attempt to evade detection attempts.
Researchers noted spikes in distinct fingerprints in August 2018 with 18,652 distinct fingerprints globally but at the time there was no evidence of any tampering with Client Hello or any other fingerprint component, according to a May 15 Akamai blog post.
In early September 2018 researchers began observing TLS tampering via cipher randomization across several verticals with many instances targeted towards airlines, banking, and dating websites and by the end of October, the TLS tampering had climbed to 255 million and hit more than 1.3 billion instances by February 2019.