While the ISPs, DDoS mitigation services, and others scramble to figure out how to augment traditional defenses to handle this new threat, we decided to investigate a less conventional approach. Attackers often rely on exploiting vulnerabilities in software we own to install their tools on our systems… So why not use their own strategy against them?
Source: Invincea Labs
A nice write-up about another contrarian approach to defeating botnet-coordinated attacks against online systems. The concept of exploiting an operating botnet is interesting, and in this demonstration it was successful. What I found most interesting was the introduction of specific active defense methods that businesses, service providers, ISPs, OSPs, and DDoS mitigation companies can / should / may begin to leverage.
How is your company leveraging active defense? Not specifically counter-attacking, but other methods? In my work around product security, I see the concept of predefining attack scenarios and setting up safeguards in the code (i.e., if X happens, do Y… not simply stopping a buffer overflow, but accepting that an event has occurred and establishing the next two steps so that operations continue).
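One way to express that "if X happens, do Y" idea in code, as an added example that is not from this post or from Invincea Labs: a small scenario playbook in which each pre-decided attack scenario names the event that triggers it and the next two steps the service takes so that it keeps running in a reduced mode instead of simply failing. The scenario names, detection thresholds and in-memory service settings are constructed stand-ins, not anything from a real product.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional


@dataclass
class ServiceState:
    """In-memory stand-in for a service's runtime configuration (constructed)."""
    mode: str = "normal"            # normal | degraded | read_only
    rate_limit_rps: int = 1000      # requests per second allowed per client
    cache_ttl_seconds: int = 60     # how long responses may be served stale
    audit: List[str] = field(default_factory=list)


Step = Callable[[ServiceState], None]


@dataclass
class Scenario:
    """An attack scenario decided on in advance: the event and the next two steps."""
    event: str
    steps: List[Step]


# --- response steps: each keeps the service operating, just less generously ---
def tighten_rate_limit(state: ServiceState) -> None:
    state.rate_limit_rps = min(state.rate_limit_rps, 100)
    state.audit.append("rate limit lowered to %d rps" % state.rate_limit_rps)


def serve_from_cache(state: ServiceState) -> None:
    state.cache_ttl_seconds = 600
    state.mode = "degraded"
    state.audit.append("serving cached responses for up to 600s")


def enter_read_only(state: ServiceState) -> None:
    state.mode = "read_only"
    state.audit.append("writes disabled, reads continue")


# --- the playbook: event name -> pre-decided steps (scenario names are illustrative) ---
PLAYBOOK: Dict[str, Scenario] = {
    "traffic_spike": Scenario("traffic_spike", [tighten_rate_limit, serve_from_cache]),
    "datastore_unreachable": Scenario("datastore_unreachable", [serve_from_cache, enter_read_only]),
}


def detect_events(metrics: Dict[str, float]) -> List[str]:
    """Turn a metrics snapshot into scenario names using constructed thresholds."""
    events = []
    if metrics.get("requests_per_second", 0) > 5000:
        events.append("traffic_spike")
    if metrics.get("datastore_error_rate", 0) > 0.5:
        events.append("datastore_unreachable")
    return events


def handle_event(state: ServiceState, event: str) -> ServiceState:
    """Accept that the event happened and run its predefined next steps.

    An event with no scenario is recorded rather than silently ignored, so the
    gap in the playbook is visible to whoever reviews the audit trail.
    """
    scenario = PLAYBOOK.get(event)
    if scenario is None:
        state.audit.append("no playbook for event %r; continuing in mode %s" % (event, state.mode))
        return state
    for step in scenario.steps:
        step(state)
    return state


def respond(metrics: Dict[str, float], state: Optional[ServiceState] = None) -> ServiceState:
    """Detect events in a metrics snapshot and apply every matching scenario in order."""
    state = state if state is not None else ServiceState()
    for event in detect_events(metrics):
        handle_event(state, event)
    return state


if __name__ == "__main__":
    # Constructed snapshot resembling a volumetric flood against the front end.
    result = respond({"requests_per_second": 20000, "datastore_error_rate": 0.0})
    print(result.mode, result.rate_limit_rps, result.cache_ttl_seconds)
    for line in result.audit:
        print(" -", line)
```

The point of the structure is that the decision about what to do next is made at design time and reviewed like any other code, while at run time the service only has to recognise the event and walk the steps; the audit list is what an operator later uses to confirm which scenarios fired and whether the playbook had a gap.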
In autonomous infrastructure, cars, and online cloud / container environments, this now must be built in. The complexity (and the fun) lies in the scenario analysis and in the multi-variable decisions it requires.
Glad to see others thinking outside the box.