Wednesday, April 12, 2017

[RESEARCH] Information Security Scammers?

What Attracted Me

Recently, Nexus Guard and Zenedge caught my eye. They provide similar products/services, such as DDoS protection by Content Delivery Network (CDN) and Web Application Firewall (WAF).

The Nexus Guard website says that they are the leader in the market:

"As a longtime leader in DDoS defense, Nexusguard is at the forefront of the fight against malicious Internet attacks, protecting organizations worldwide from threats to their websites, services, and reputations."

The Zenedge website offers a free vulnerability and threat assessment for their potential clients:

"The report is produced by our team of cybersecurity experts bring a collective 200 years of cybersecurity experience and have been responsible for mitigating some of the largest attacks. Ever."

Basic and Fast Research

I wonder why there have been so many CDN providers recently. A CDN requires a lot of proxies around the world in order to absorb a very large amount of DDoS traffic, so providers need to invest a lot in infrastructure. Therefore, I did some basic and fast research on them.

I found out that they both use free Let's Encrypt SSL/TLS certificates on their official websites. Meanwhile, their official websites are hosted (or their domains are hosted behind a proxy) on akamaitechnologies.com.

I further found out that akamaitechnologies.com is registered by akamai.com - Akamai. Akamai provides CDN and cloud computing services, including WAF. It has been one of the famous CDN and WAF providers in the market since 1998. I confirmed that akamai.com is also hosted (or its domain is hosted behind a proxy) on akamaitechnologies.com, but on a different IP address/subnet from Nexus Guard and Zenedge. Meanwhile, Nexus Guard and Zenedge are in the same subnet.
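The same-subnet observation can be checked offline from the hostnames and addresses listed in the Reference section of this post. This is an added example, not part of the original post; the /24 prefix length and the function names are assumptions, since the post does not say which subnet size it used.

```python
import ipaddress
import re
from collections import defaultdict

# Hostname/IP pairs copied from the Reference section of this post (April 2017).
OBSERVED = {
    "Nexus Guard": [
        ("a184-50-88-78.deploy.static.akamaitechnologies.com", "184.50.88.78"),
        ("a184-50-88-3.deploy.static.akamaitechnologies.com", "184.50.88.3"),
    ],
    "Zenedge": [
        ("a184-50-88-76.deploy.static.akamaitechnologies.com", "184.50.88.76"),
        ("a184-50-88-3.deploy.static.akamaitechnologies.com", "184.50.88.3"),
    ],
    "Akamai": [("a23-75-36-144.deploy.static.akamaitechnologies.com", "23.75.36.144")],
}

# Hostname format as it appears in the post: a<A>-<B>-<C>-<D>.deploy.static...
PTR_RE = re.compile(
    r"^a(\d{1,3})-(\d{1,3})-(\d{1,3})-(\d{1,3})"
    r"\.deploy\.static\.akamaitechnologies\.com\.?$"
)

def ip_from_ptr(hostname):
    """Return the IPv4 address encoded in the hostname, or None if malformed."""
    m = PTR_RE.match(hostname.strip().lower())
    if not m:
        return None
    try:
        return ipaddress.IPv4Address(".".join(m.groups()))
    except ValueError:  # e.g. an octet above 255
        return None

def shared_networks(observed, prefix=24):
    """Networks (as strings) holding addresses of 2+ sites; /24 is an assumption."""
    sites_by_net = defaultdict(set)
    for site, records in observed.items():
        for host, ip in records:
            # Reject a record whose hostname and listed address disagree.
            if ip_from_ptr(host) != ipaddress.IPv4Address(ip):
                raise ValueError(f"{site}: {host} does not encode {ip}")
            net = ipaddress.ip_network(f"{ip}/{prefix}", strict=False)
            sites_by_net[str(net)].add(site)
    return {n: s for n, s in sites_by_net.items() if len(s) > 1}

if __name__ == "__main__":
    for net, sites in shared_networks(OBSERVED).items():
        print(net, "->", ", ".join(sorted(sites)))
```

Passing `prefix=32` reports only exact address overlap, which in the post's data is 184.50.88.3.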

Nexus Guard

Nexus Guard conducted unprofessional research on Android TV boxes with 3 popular anti-virus programs, such as Dr. Web and ESET, in July 2014 and published it in a local Hong Kong magazine - East Week Vol. 568. They just posted the results of the scanning and misled the readers into thinking that some Android TV boxes are vulnerable to so-called backdoors. However, they did not confirm whether the so-called backdoors are exploitable or not.

Nexus Guard also released an article about DDoS in May 2016 in which they mentioned that DDoS by NTP was at the top of the list of attacks. However, it seems that they do not know that the NTP attacks at that time were because of the zero-day vulnerability in the NTP protocol.

Most of their reports, threat advisories and whitepapers restate information security news that is all publicly available. Do they think that writing so many reports, threat advisories and whitepapers will make them look more like a professional information security firm?

Zenedge

Since Zenedge provides a free vulnerability and threat assessment on their website, I tried to contact the sales agent on the Zenedge site, and he redirected me to Nelson Chen, who is CISSP, CISA, CISM and Director Security Solutions of Zenedge. I requested a free vulnerability and threat assessment of my personal site on April 10, 2017 via direct email with Nelson. However, I have not had any reply from him since then (3 days at the time of this writing).

That makes me think: are they pretending to provide a free service in order to obtain information about their potential clients for promotional purposes? Or is Nelson overthinking it when an infosec (information security) guy approaches them, because they think that their customers should be noobs? Or do they not have any professional infosec guy to do an assessment of my personal site? Or is my personal site so lame that they disdain to do the job?

Questions in Mind

If Nexus Guard and Zenedge have their own CDN and products/services, why are their official websites hosted (or their domains hosted behind a proxy) on Akamai? Do they not believe that their products/services are better than Akamai's? Are Nexus Guard and Zenedge resellers/Value Added Resellers of Akamai? Are they all information security scammers?

Conclusion

Think carefully before you purchase information security services or products. Do more research on infosec providers/vendors before making any decision. Finally, it is difficult to tell the professional from the unprofessional in general.

Reference

Distributed Denial-of-Service Attack
Content Delivery Network
Web Application Firewall

(a) Nexus Guard - https://www.nexusguard.com/
Domain is registered on Sept 9, 2008
Server common name : secure0009.hubspot.com
Server domain #1 : a184-50-88-78.deploy.static.akamaitechnologies.com (184.50.88.78)
Server domain #2 : a184-50-88-3.deploy.static.akamaitechnologies.com (184.50.88.3)
Server IP : 128.177.173.177:443

(b) Zenedge - https://www.zenedge.com/
Domain is registered on Jan 7, 2013
Server common name : secure0004.hubspot.com
Server domain #1 : a184-50-88-76.deploy.static.akamaitechnologies.com (184.50.88.76)
Server domain #2 : a184-50-88-3.deploy.static.akamaitechnologies.com (184.50.88.3)
Server IP : 69.31.76.226:443

(c) Akamai - https://www.akamai.com/
(Akamai Technologies - akamaitechnologies.com)
Domain is registered on Aug 17, 1998
Server domain : a23-75-36-144.deploy.static.akamaitechnologies.com (23.75.36.144)

That's all! See you.