Intelligent CISO Issue 03 | Page 19

cyber trends

Siloed understanding of attacks against individual systems isn’t enough for defenders to prepare for today’s complicated threat landscape.

Tackling the Mirai botnet: collaboration in action

Collaboration between teams within Akamai played a crucial role in discovering Mirai command and control (C&C) domains to make future Mirai detection more comprehensive.

The Akamai Security Intelligence and Response Team (SIRT) has been following Mirai since its inception, using honeypots to detect Mirai communications and identify its C&C servers.

In late January 2018, Akamai’s SIRT and Nominum teams shared a list of more than 500 suspicious Mirai C&C domains. The goal was to understand whether, by using DNS data and artificial intelligence, this list of C&C domains could be augmented to make future Mirai detection more comprehensive.

Through several layers of analysis, the combined Akamai teams were able to augment the Mirai C&C dataset to discover a connection between

Yuriy Yuzifovich, Director of Data Science, Threat Intelligence, Akamai