All news with #akamai tag

Spike in Automated Botnet Attacks Targeting PHP, IoT

🔍 Cybersecurity researchers warn of a sharp rise in automated botnet campaigns targeting PHP servers, IoT devices, and cloud gateways. The Qualys Threat Research Unit says Mirai, Gafgyt, Mozi and similar botnets are exploiting known CVEs, misconfigurations and exposed secrets to recruit vulnerable systems. Attackers leverage active debug interfaces (for example using '/?XDEBUG_SESSION_START=phpstorm'), scan from cloud providers to mask origin, and turn compromised routers and DVRs into residential proxies. Recommended mitigations include prompt patching, removing development tools from production, securing secrets with AWS Secrets Manager or HashiCorp Vault, and restricting public cloud access.

Cryptominer targets exposed Docker APIs, installs backdoors

🔒 Akamai researchers reported a June–August 2025 variant that no longer drops a cryptominer but instead leverages exposed Docker APIs to gain persistent host access. The campaign launches lightweight containers that mount the host filesystem and fetch Base64-encoded scripts over Tor to install tools such as curl and tor. Once inside, the malware appends SSH keys, creates cron jobs, and attempts to modify firewall rules to deny others access to port 2375. Akamai also observed dormant logic to probe Telnet and Chrome remote debugging (9222), suggesting future botnet expansion.