Akamai Our Thinking Intro Image

Akamai Research

The State of the Internet

Making sense of the new age of information security

Hostile Takeover Attempts Report - Overview with CSO Andy Ellis
???Watch the Video???

Most Recent Security Report

2020 State of the Internet / Security: Financial Services – Hostile Takeover Attempts

High-value targets generally attract the most sophisticated criminals and attacks. Our new State of the Internet / Security report looks at financial services and finds a number of emerging trends. We report on spikes in the number of credential stuffing attacks against APIs, LFI passing SQLi as the leading web attack vector against financial services, and a DDoS attack against one bank that reached an astounding 160 Gbps. And in a guest essay, you’ll learn about security marketing tactics that do more harm than good. We also explore the ability of Zero Trust to defend against credential stuffing, web application, and DDoS attacks. Download the report today.

Past Security Reports

2019 State of the Internet / Security: 2019 — A Year in Review

2019 was a big year in security. While major media made headlines out of Facebook breaches and ransomware attacks, security professionals worked behind the scenes to fend off vulnerabilities, bots, and other threats. In our new report, State of the Internet / Security: 2019 — A Year in Review, we reexamine some of the year’s most important developments, with particular attention to research from Akamai’s Security Intelligence Response Team (SIRT). We’ll also update many of the charts that we published in 2019, including those relating to DDoS targets, credential stuffing, and web application attack vectors. Download the report now.

2019 State of the Internet / Security: Phishing - Baiting the Hook

Despite waves of user training and endpoint defenses, phishing still works. Verizon reports that 32% of all data breaches and 78% of cyber-espionage incidents involved some form of phishing. Today, criminals use phishing kits, sold on the dark web, to better impersonate well-known brands. Mobile devices and social media help attacks propagate more quickly. Sometimes phishing sites evade detection by hiding on legitimate websites and servers. Our new report, State of the Internet / Security: Phishing — Baiting the Hook, shows you how this oldest of cyberattacks has evolved to ensnare even the savviest security teams and users. Download it now.

2019 State of the Internet / Security: Media Under Assault

Average daily web attacks against technology and media companies almost doubled between January 2018 and June 2019. In this same period, 35% of all credential stuffing attacks targeted these verticals. For this new State of the Internet / Security report, we look at the sources, techniques, and trends in this growing threat. You’ll see what 98% of web attacks against media and technology sectors have in common. And why video media attracts more credential stuffing attacks than any other vertical. You’ll also learn about the unique security challenges that streaming media companies face, including a shortage of security talent.

2019 State of the Internet / Security: Financial Services Attack Economy

Attacks on financial services institutions are growing in both quantity and sophistication. Our new State of the Internet / Security report studies criminal behavior across this advanced and expansive financial services attack economy: from a popular authentication mechanism for staging credential stuffing attacks to the use of stolen identities to cash out ill-gotten gains. The report identifies leading DDoS and application-layer attack vectors, lucrative phishing variants, and how criminals stage decoy attacks to distract from their real targets. Attacks that prove successful in financial services often move on to other industries. Download the report, and see what petabytes of data tell us.

2019 State of the Internet / Security: Web Attacks and Gaming Abuse

Criminals go where the money is. And these days, there’s real money to be stolen in the virtual world of gaming. Our latest State of the Internet / Security report delves into the growing popularity of credential stuffing attacks against the gaming industry. In one 17-month period, we counted 12 billion attacks. We went over to the darknet and found some surprising reasons why. We also found another surprise in our study: Two vectors account for nearly 90% of all web application attacks. Also in this issue, Akamai CMO Monique Bonner shares three unexpected observations about security professionals.

2019 State of the Internet / Security: Credential Stuffing - Attacks and Economies (Special Media Report)

This special issue of the “State of the Internet / Security” report focuses on the hundreds of millions of credential stuffing attacks that occur each day, especially those aimed at video, gaming, entertainment, and other media organizations. The report describes tools and tutorials available online at little or no cost to criminals seeking to exploit stolen username/password or email/password combinations, including All-in-One (AIO) applications such as SNIPR. It also looks at the thriving darknet marketplaces for stolen accounts, a virtual shopping mall for credential abuse attackers. Akamai security researchers also recommend methods to reduce the threat of credential stuffing attacks.

2019 State of the Internet / Security: Retail Attacks and API Traffic

This issue of State of the Internet / Security provides insightful security research and intelligence into three security risks many organizations may overlook. First, a survey of API traffic reveals that APIs now account for 83% of all hits, while HTML traffic has fallen to 17% of traffic. Second, research into DNS traffic reveals that IPv6 traffic may be underreported; many systems capable of IPv6 still show a preference for IPv4. Lastly, our look at credential abuse and the botnets that abuse retailer inventories shows that this is a rising problem that needs attention.

2019 State of the Internet / Security: DDoS and Application Attacks

Sometimes a DDoS or web application attack isn’t. We saw 875,000 POST requests per second targeting a customer in Asia and uncovered the real cause — so you can avoid it. The State of the Internet / Security DDoS and Application Attacks report provides insightful security research and intelligence. Learn about the evasion tactics attackers use to circumvent bot management defenses. We mined job postings to identify the skill sets they seek to help you understand your threat environment. Take time out for mental health with information on how mitigate the risk of stress and burnout in your security team.