Thursday, January 12 • 10:00am - 10:30am
'Lions and Tigers and Bears, Mirai!': Tracking IoT-Based Malware w/ Netflow

The Mirai malware rose to prominence in late 2016 with record-breaking Distributed Denial of Service (DDoS) attacks from a botnet built largely from the unlikeliest of sources - various Linux-based devices that make up the so-called Internet of Things (IoT). "Are we vulnerable to Mirai? Do we have any active infections? Are we participating in the DDoS attacks? What can we do to protect ourselves?" These are all questions that should immediately come to mind for IT managers and network defenders. The NCCIC/US-CERT Network Analysis Team leveraged the National Cybersecurity Protection System (NCPS), better known as EINSTEIN, to answer these questions for U.S. Federal Government entities.

This presentation will begin with an overview of Mirai and why it is notable, and discuss some key aspects of Mirai's behavior drawn from analysis of the Mirai source code and community open source research. Next, we will present the analysis methodology that we employed, leveraging both netflow and content-based network traffic analysis to correlate known indicators and infrastructure with behavioral characteristics, and discuss how the two were used to complement one another. Finally, we will discuss some lessons learned and share some thoughts on the future of IoT-based threats and defensive strategies.

Speakers
Kevin Breeden

Kevin Breeden is a network security analyst currently supporting the United States Computer Emergency Readiness Team (US-CERT) Network Analysis branch. Kevin's primary responsibilities are network traffic analysis through various proactive and reactive analysis techniques centered on the EINSTEIN program. The majority of his time is spent identifying and tracking nation-state APT activity, in addition to identifying and developing new...



Thursday January 12, 2017 10:00am - 10:30am
Great Room V-VIII 7450 Hazard Center Dr.
