cyber trends
Siloed understanding of attacks against individual systems isn’t enough for defenders to prepare for today’s complicated threat landscape.
Tackling the Mirai botnet: collaboration in action
Collaboration between teams within Akamai played a crucial role in discovering Mirai command and control (C&C) domains to make future Mirai detection more comprehensive.
The Akamai Security Intelligence and Response Team (SIRT) has been following Mirai since its inception, using honeypots to detect Mirai communications and identify its C&C servers.
www.intelligentciso.com | Issue 03
In late January 2018, Akamai’s SIRT and Nominum teams shared a list of more than 500 suspicious Mirai C&C domains. The goal was to understand whether, by using DNS data and artificial intelligence, this list of C&C domains could be augmented to make future Mirai detection more comprehensive.
Through several layers of analysis, the combined Akamai teams were able to augment the Mirai C&C dataset to discover a connection between
Yuriy Yuzifovich, Director of Data Science, Threat Intelligence, Akamai