ARLINGTON, Va. – Cyber security experts at Packet Forensics LLC in Virginia Beach, Va., will continue a U.S. military project to identify and eliminate botnet attacks, large-scale malware, and other trusted computing threats from compromised military devices and networks.
Officials of the U.S. Defense Advanced Research Projects Agency (DARPA) in Arlington, Va., announced a $10 million order to Packet Forensics last week for the DARPA Harnessing Autonomy for Countering Cyberadversary Systems (HACCS) research project.
HACCS seeks the ability to find and eliminate sophisticated cyber security threats in a scalable, timely, safe, and reliable manner, while maintaining privacy and other legal safeguards -- even if the owners of botnet-conscripted networks are unaware of the infection and are not participating in neutralization.
Packet Forensics originally won a $1.2 million HACCS contract on 4 Sept. 2018, and then won a $10 million modification to this contract later that month, and then another $10 million modification last week.
Related: DARPA awards contracts for XD3 cyber security project to counter denial of service attacks
Packet Forensics is developing the techniques and software necessary to measure the accuracy of identifying botnet-infected networks, the accuracy of identifying the type of devices residing in a trusted-computing network, and the stability of potential access vectors.
Kudu Dynamics LLC in Chantilly, Va.; Sotera Defense Solutions Inc. in Herndon, Va.; and to Aarno Labs LLC in Cambridge, Mass., also have been involved in the HACCS project.
Packet Forensics will measure the effectiveness of denying, degrading, and disrupting botnets and individual botnet implants without affecting the systems and networks where they reside.
Malicious actors can penetrate and use with impunity large numbers of devices owned and operated by third parties, DARPA officials say. Such collections of compromised devices, commonly referred to as botnets, are used for criminal, espionage, and computer network attack purposes -- sometimes all three.
Recent examples of botnets and self-propagating malcode include Mirai, Hidden Cobra, WannaCry, and Petya/NotPetya. The scale of their potential and actualized effects make such malware a national security threat. Yet improving the security posture of U.S. military networks alone is insufficient to counter such threats, DARPA officials say. Current incident response methods are too resource- and time-consuming to address the problem at scale.
Active defense methods are insufficiently precise and predictable in their behavior, posing a risk that the “fix” may cause processing issues or other side effects. This is where the HACCS program comes in.
Packet Forensics will identify and fingerprint not only botnet-conscripted networks to determine the presence of botnet implants, but also the number and types of devices present on said networks, and the software services running on these devices.
The company will generate non-disruptive software exploits for many known vulnerabilities that could establish initial presence in each botnet-conscripted network without affecting legitimate system functionality.
In addition, Packet Forensics will create software agents that autonomously navigate within botnet-conscripted networks, identify botnet implants, and neutralize them or otherwise curtail their ability to operate, while minimizing network side effects.
On this order Packet Forensics will do the work in Virginia Beach, Va., and should be finished by August 2020. For more information contact Packet Forensics online at www.packetforensics.com, or DARPA at www.darpa.mil.
