Attacking the attacking IoT Botnet: Invincea Labs’ Killing Mirai: Active defense

While the ISPs, DDoS mitigation services, and others scramble to figure out how to augment traditional defenses to handle this new threat, we decided to investigate a less conventional approach. Attackers often rely on exploiting vulnerabilities in software we own to install their tools on our systems… So why not use their own strategy against them?

Source: Invincea Labs

A nice write-up about another contrarian approach to defeating coordinated botnet attacks against online systems. The concept of exploiting an operating botnet is interesting, and in this demonstration it was successful. What I found most interesting was the introduction of specific active defense methods that businesses, service providers, ISPs, OSPs, and DDoS mitigation companies can, should, or may begin to leverage.

How is your company leveraging active defense? Not counter-attacking specifically, but other methods? In my work around product security, I see the concept of predefining attack scenarios and setting up safeguards in the code (i.e., if X becomes available, do Y… not simply stopping a buffer overflow, but accepting that an event has occurred and establishing the next two steps so operations can continue).
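As an added illustration of the "accept the event, then run the next predefined steps" idea (example code written for this post, not code from Invincea Labs or from any product I work on), the sketch below takes a constructed access log, detects a flood event from one client, and instead of only rejecting that client's requests executes a small playbook: throttle the offender, shed non-essential endpoints so the core paths stay up, and record an alert for operators. The log format, the thresholds, and the path lists are all assumptions chosen for the example.

```python
from collections import defaultdict
from dataclasses import dataclass, field

# Constructed sample access log for the example (not real traffic).
# Assumed format: "<second> <client-ip> <path>"
SAMPLE_LOG = """\
0 10.0.0.5 /api/search
0 10.0.0.5 /api/search
0 10.0.0.5 /api/search
0 10.0.0.5 /api/search
1 10.0.0.5 /api/search
1 10.0.0.5 /api/search
1 10.0.0.7 /api/checkout
2 10.0.0.8 /api/export
2 10.0.0.5 /api/search
"""

# Hypothetical service policy: which paths must keep working during an
# event and which can be shed first to preserve capacity.
CORE_PATHS = {"/api/search", "/api/checkout"}
NON_ESSENTIAL_PATHS = {"/api/export", "/api/report"}


def parse_log(text):
    """Parse the constructed log into (second, client, path) tuples."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        sec, client, path = line.split()
        records.append((int(sec), client, path))
    return records


def detect_flood(records, window_seconds=3, threshold=5):
    """Return {client: peak_count} for clients that exceed `threshold`
    requests inside any sliding window of `window_seconds`."""
    per_client = defaultdict(list)
    for sec, client, _ in records:
        per_client[client].append(sec)
    offenders = {}
    for client, secs in per_client.items():
        secs.sort()
        start = 0
        for end in range(len(secs)):
            # Slide the window start forward until it spans < window_seconds.
            while secs[end] - secs[start] >= window_seconds:
                start += 1
            count = end - start + 1
            if count >= threshold:
                offenders[client] = max(offenders.get(client, 0), count)
    return offenders


@dataclass
class ServiceState:
    """The planned next steps after accepting a flood event."""
    mode: str = "normal"
    throttled: set = field(default_factory=set)
    shed_paths: set = field(default_factory=set)
    alerts: list = field(default_factory=list)


def apply_playbook(offenders):
    """Predefined response: step 1 throttle offenders, step 2 shed the
    non-essential endpoints so core paths keep serving, step 3 alert."""
    state = ServiceState()
    if not offenders:
        return state
    state.mode = "degraded"
    state.throttled.update(offenders)                 # step 1
    state.shed_paths.update(NON_ESSENTIAL_PATHS)      # step 2
    for client, count in sorted(offenders.items()):   # step 3
        state.alerts.append(f"flood from {client}: {count} requests in window")
    return state


def is_allowed(state, client, path):
    """Admission decision for one request under the current state."""
    if client in state.throttled:
        return False
    if path in state.shed_paths:
        return False
    return True


def run(log_text=SAMPLE_LOG):
    """Detect events in the log and return the resulting service state."""
    return apply_playbook(detect_flood(parse_log(log_text)))


if __name__ == "__main__":
    state = run()
    print(state.mode, sorted(state.throttled), sorted(state.shed_paths))
    for alert in state.alerts:
        print(alert)
```

The point is the shape rather than the thresholds: detection and the follow-on steps are decided up front, so when the event arrives the service already knows what "continue operating" means for it, and legitimate clients on core paths are still admitted while the playbook is in effect.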

Within autonomous infrastructure, cars, and online cloud and container environments, this now has to be built in from the start. The complexity, and the fun, is in the scenario analysis and in working out the multi-variable conditions under which each response should fire.

Glad to see others thinking outside the box.
