The Akamai Blog

Hello, and welcome to our very first Developer Community update of 2022. In this new monthly series, we?ll share highlights of what is happening across the Akamai Developer Community. Since this is the first blog we?re posting, we will also catch up on news from October 2021 through today.

Universal Plug and Play (UPnP) is a widely used protocol with a decade-long history of flawed implementations across a wide range of consumer devices. In this paper, we will cover how these aws are still present on devices, how these vulnerabilities are actively being abused, and how a feature/vulnerability set that seems to be mostly forgotten could lead to continued problems in the future with DDoS, account takeover, and malware distribution.

UPnProxy is alive and well. There are 277,000 devices, out of a pool of 3.5 million, running vulnerable implementations of UPnP. Of those, Akamai can confirm that more than 45,000 have been compromised in a widely distributed UPnP NAT injection campaign.

Learn how Akamai?s Managed Content Protection offering helps combat and mitigate the growing effects of online piracy for Akamai customers.

Secure your workforce with the help of multi-factor authentication and Akamai's Zero Trust Network Access application in place of a virtual private network (VPN).

Akamai threat researchers tracked continuous cyberattack and crypto-phishing campaigns that took advantage of cryptocurrency-based scams.

Encrypting DNS servers is a necessary next step in web security to prevent sensitive materials from being breached, thus improving user privacy and security.

Threat Researcher Larry Cashdollar has discovered evidence of the Mirai botnet abusing Log4j vulnerability and shares code examples.

Read about strategies to help protect against new and more impactful security threats and vulnerabilities in Log4j from Akamai CTO Charlie Gero.

Learn about Discover and Announce, a 100% serverless application built on Akamai IoT Edge Connect, which can run entirely on the Akamai edge.

Akamai CTO Charlie Gero shows how the Log4j threat surface could extend to unpatchable embedded and IoT devices.

While containers offer speed and flexibility that have not been possible before in the data center, they are also exposed to security threats such as ransomware, cryptomining, and botnets.

Learn about the widely used Java-based logging library Log4j and how its vulnerability and other capabilities presented a major opportunity to attackers.

Explore some of the Akamai Abuse and Fraud Prevention team?s predictions for the future of abuse and fraud protection in 2022 and beyond.

Video game downloads and console updates helped game industry traffic peak at 125% above average on Christmas day according to Akamai, which supports more than 225 game publishers globally.

It?s no secret that the global pandemic increased opportunities for threat actors and cybercriminals to target financial services. Throughout 2020, scammers used the economic tension caused by COVID-19 ? the promise of financial assistance, the stress of financial hardship ? to target people across the globe via phishing attacks.

Log4Shell (CVE-2021-44228) is a remote code execution (RCE) vulnerability in the Apache-foundation open-source logging library Log4j. It was published on December 9, 2021, and then all hell broke loose. As Log4j is a common logging library for Java applications, it is highly widespread.

To me, Diversity & Inclusion means a new way of thinking and engaging with society. It seems to be one of the most popular phrases that every person sees on the internet every day. I have been appointed as an ambassador of D&I for Akamai?s Asia-Pacific Japan region, and have been learning the essential principles along with some of my colleagues for the past several months.