Examples of how attackers carry out mass exploitation campaigns and how to defend against them.
We’ve all seen the movies where a dark hooded figure sits behind a keyboard and enters a 3D virtualized representation of the internet. Focusing in on their target, the figure sees various bits of information about that person, from their birth date to a headshot of them stepping out of a limo. As you can guess, this is not how attackers carry out their exploits.
Attackers use a lot of the same services we use, such as CDNs to distribute attack payloads geographically, or proxy services to carry out their attacks without revealing their location.
In this article we’ll talk about the tactics and procedures observed by Akamai researchers and security teams as they work through the operational response process of a mass exploitation campaign. Mass exploitation is a term for the process in which attackers launch an attack campaign at large scale, using CDN services or mass mailing services to reach more victims in less time.