
Akamai’s CDN Logs Uncover Emerging Phishing Attacks

Akamai Uses CDN Logs to Gain Insight Into the Success of Phishing Attacks

A common feature of a malicious phishing site is to redirect the victim to the legitimate site once the user credentials have been gathered. The purpose is to reinforce trust and to hide or delay discovery of the data theft. If that legitimate site is part of a content delivery network (CDN), the redirect will go via the network operator and can be logged by the CDN.

The log will include the referring IP address and can be used to recognize — and indeed monitor — phishing sites. This was a research task the Akamai CDN set itself. Over four months, it found 1,221 active phishing domains that were not part of the Akamai ecosystem but which either consumed data from or redirected victims to Akamai customer sites.
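The log analysis described above can be sketched as follows. This is an added example, not Akamai's code or method: it assumes the referring site appears as the Referer field of a "combined"-format access log, and the hostnames, the `/static/` asset prefix and the function names are all hypothetical.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample lines in Apache/NGINX "combined" format (assumed layout;
# a real CDN log delivery format will differ). All hosts and IPs are reserved examples.
SAMPLE_LOG = """\
198.51.100.10 - - [25/Nov/2019:10:00:01 +0000] "GET /account/home HTTP/1.1" 200 5120 "https://shop-login.example.net/verify.php" "Mozilla/5.0"
198.51.100.11 - - [25/Nov/2019:10:00:09 +0000] "GET /account/home HTTP/1.1" 200 5120 "https://shop-login.example.net/verify.php" "Mozilla/5.0"
198.51.100.10 - - [25/Nov/2019:10:01:30 +0000] "GET /static/logo.png HTTP/1.1" 200 900 "https://shop-login.example.net/index.php" "Mozilla/5.0"
203.0.113.5 - - [25/Nov/2019:10:02:00 +0000] "GET /account/home HTTP/1.1" 200 5120 "https://www.shop.example/login" "Mozilla/5.0"
203.0.113.6 - - [25/Nov/2019:10:02:10 +0000] "GET / HTTP/1.1" 200 7000 "https://search.example.org/?q=shop" "Mozilla/5.0"
203.0.113.7 - - [25/Nov/2019:10:03:00 +0000] "GET / HTTP/1.1" 200 7000 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<path>\S+) [^"]*" '
    r'\d{3} \S+ "(?P<referer>[^"]*)" "[^"]*"$'
)

def in_domains(host, domains):
    """True if host equals, or is a subdomain of, any listed domain."""
    return any(host == d or host.endswith("." + d) for d in domains)

def external_referrers(log_text, own_domains, known_good=(), asset_prefix="/static/"):
    """Group requests by referring host that is neither ours nor allowlisted."""
    stats = defaultdict(lambda: {"clients": set(), "asset_hits": 0, "page_hits": 0})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # malformed or differently formatted line
        host = (urlsplit(m["referer"]).hostname or "").lower()
        if not host or in_domains(host, own_domains) or in_domains(host, known_good):
            continue  # no referrer, our own site, or a trusted referrer
        entry = stats[host]
        entry["clients"].add(m["ip"])  # distinct IPs: a rough visitor count only
        if m["path"].startswith(asset_prefix):
            entry["asset_hits"] += 1   # referring site pulls our resources
        else:
            entry["page_hits"] += 1    # referring site sends visitors to our pages
    return dict(stats)

def review_queue(stats):
    """Rows of (host, distinct clients, asset hits, page hits), busiest first."""
    rows = [(h, len(s["clients"]), s["asset_hits"], s["page_hits"])
            for h, s in stats.items()]
    return sorted(rows, key=lambda r: (-r[1], r[0]))

if __name__ == "__main__":
    print(review_queue(external_referrers(SAMPLE_LOG, ["shop.example"], ["search.example.org"])))
```

Hosts that surface in the queue are candidates for analyst review, not confirmed phishing sites; distinct client IPs undercount or overcount visitors behind NAT and proxies.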

“We were able to find unique and meaningful insights on several phishing attacks,” reports Akamai security researcher Or Katz. “More importantly, we got a clear understanding on the number of victims, and such visibility is rarely published.” Since he only used a sample dataset from the Akamai logs, he believes the true number of phishing sites using resources through Akamai is much higher. And of course, the overall number of phishing sites discovered is tiny in comparison to the full number of those that don’t get seen by Akamai.

Nevertheless, an analysis of more than 1,200 phishing sites, and the victims of those phishing sites, is enough to provide some meaningful information. Unsurprisingly, there was a spike towards the holiday season. Both the number of new phishing sites detected and the number of victims of phishing peaked in the week of Thanksgiving (about 380,000 victims). This was followed by a slight decline, before both rose again in the weeks immediately preceding Christmas. The total number of victims of these sites is estimated at 2.4 million, but the true number is thought to be higher.

The figures also show that the two most affected industries are media and ecommerce, with 759 and 403 sites detected respectively. These figures cannot be accurately extrapolated to the whole of the internet, since media and ecommerce are important customers for content delivery services and will automatically account for a higher percentage of the phishing sites seen. Nevertheless, they demonstrate the importance of the two sectors to phishers.

Katz also related the phishing sites he found to public threat intelligence resources, and found that 20% were not known to be malicious even days after their campaigns were activated. While concerning, he doesn’t find this surprising. “Phishing has a low barrier to entry for criminals, and there are whole turn-key businesses centered on this fact,” he comments. “This partly explains why so many phishing websites go undetected. Defenses are challenged, and sometimes overwhelmed with the volume of new phishing campaigns.”

New phishing sites are quite simply spun up faster than they can be detected.

While Akamai’s research cannot give an overall picture of the phishing threat, it does highlight one very disturbing figure that is absolute: there were more than 2 million victims of just 1,200 phishing sites over a period of only four months. This should be a red flag. “Phishing isn’t going away any time soon,” says Katz, “and the first and most fundamental step would be to better educate our peers, colleagues, and families to be suspicious and think twice before giving away sensitive information or downloading unknown files. The old saying applies; if something looks or feels too good to be true, then it is.”

Written By

Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines.
