APCERT
Asia Pacific Computer Emergency Response Team
Activities, Challenges & Collaboration
TLP:WHITE
Prepared by
APCERT Secretariat
February 2019
Copyright © 2018 APCERT
About APCERT
APCERT Vision Statement
APCERT will work to help create a Safe, Clean
and Reliable cyber space in the Asia Pacific
Region through global collaboration
• Asia Pacific Computer Emergency Response Team
  http://www.apcert.org
• Forum of CSIRTs/CERTs in the Asia Pacific region
• Established in February 2003
• 30 Operational Members from 21 economies
• APCERT also has MOU/cooperative relationships with
  • STOP.THINK.CONNECT
  • TF-CSIRT (CSIRT community in Europe)
  • OIC-CERT (Organisation of Islamic Cooperation CERT)
  • APNIC
APCERT’s Outreach
- Cross regional collaboration
APCERT Operational Members
(30 Teams from 21 Economies)
• Japan: JPCERT/CC
• South Korea: KrCERT/CC
• Taiwan: TWNCERT, TWCERT/CC, EC-CERT
• Hong Kong: HKCERT, GovCERT.HK
• Macau: MOCERT
• Vietnam: VNCERT
• Brunei: BruCERT
• Indonesia: Id-SIRTII/CC, ID-CERT
• Australia: ACSC (Chair), AusCERT
• New Zealand: CERT NZ
• Mongolia: MNCERT/CC, MonCIRT
• China: CNCERT/CC, CCERT
• Bangladesh: bdCERT, BGD e-Gov CIRT
• India: CERT-In
• Myanmar: mmCERT
• Sri Lanka: Sri Lanka CERT|CC, TechCERT
• Laos: LaoCERT
• Thailand: ThaiCERT
• Malaysia: MyCERT
• Singapore: SingCERT
• Bhutan: BtCIRT
Steering Committee
Corporate Partners (3)
• Bkav (Vietnam), Microsoft, Secureworks
APCERT OM Criteria
1. be a CERT from an Asia Pacific economy, which performs the function of a CSIRT or CERT on a full time basis
2. be a leading or national CERT within its own economy
3. be not-for-profit and/or wholly or partly government funded
4. have established policies, practices and procedures for operating a CERT within its economy and have experience in CERT operations including incident handling and cyber threat and vulnerability monitoring and advice
5. have a broad responsibility and capability for disseminating information and coordinating incident response across and/or among sectors within its economy
6. obtain an OM sponsor, application and site visit
Asia-Pacific Region
Source: APNIC
Why do we need APCERT?
• Cyber threat landscape continues to evolve
• Range of threats is ever increasing – seeing two distinct trends
  1. Targeted: Increasingly sophisticated exploits are being developed and deployed against well-protected networks
  2. Broad-based: Criminals compromising networks using publicly known vulnerabilities that have known mitigations (e.g. WannaCry)
• Current challenges
  • Ransomware
  • Business Email Compromise / Social engineering
  • Targeting trusted third parties
  • DDoS
• The challenges are not national – they are regional and global
  • Theft of money, data (corporate & personal) and intellectual property
  • Extortion attacks such as denial of service and ransomware
  • Malware hosted on compromised websites
  • Spear phishing emails / Business email compromise – network access & fraud
APCERT Objective 1 – Security Cooperation
• Encourage and support regional and international cooperation on information security in the Asia Pacific region
• Jointly develop measures to deal with large-scale or regional network security incidents
• Facilitate information sharing and technology exchange, including info security, computer virus and malicious code, among its members
• Promote collaborative research and development on subjects of interest to its members
APCERT Objective 2 – Emergency Response
• Assist other CSIRTs in the region to conduct efficient and effective computer security emergency response capability
• Provide inputs and/or recommendations to help address legal issues related to information security and emergency response capabilities across regional boundaries
APCERT Objective 3 – Security Awareness
• Organize and conduct an annual AGM and APCERT Conference to raise awareness on computer security incident responses and trends, exchange information on cyber security trends, discuss threats and challenges, and assist government & critical entities
How does APCERT work?
CSIRT (Computer Security Incident Response Team)
• Independent from politics, industry, market…
• Do not focus on WHO and WHY, focus on WHAT and HOW from a technical coordination perspective
CSIRT Common Policy
• MY security depends on YOUR security
• Web of trust
Systematic Handling
• Timely manner
• Each team has appropriate domestic contacts to handle and respond to incidents (ISPs, critical infrastructure, government…)
• Mailing lists, Traffic Light Protocol, encrypted e-mail
• Reaching to disconnected areas using CSIRT network
POC arrangement between members
• One Point of Contact per economy
• Deal with serious and time critical computer security incidents
• Reachable 24 hours / 7 days via call
APCERT Working Groups
• Malware Mitigation WG (Convener: MyCERT)
• Information Sharing WG (Convener: CNCERT/CC)
• Membership WG (Convener: KrCERT/CC)
• Policy, Procedures and Governance WG (Convener: CERT Australia)
• Training WG (Convener: TWNCERT)
• TSUBAME WG (Convener: JPCERT/CC) *
• Drill WG (Convener: ThaiCERT)
• Secure Digital Payment WG (Convener: CERT-In)
• IoT Security WG (Convener: CERT-In)
* Joint network monitoring project
APCERT Online Training (bimonthly)
Capacity Building
Date | Theme | Presenter
Apr 2018 | Analyses of A Compromised Linux Server | APNIC
Aug | Performing Forensics on an Azure Virtual Machine | Microsoft
Oct | Shaoye Botnet – Android Malware & DNS Hijacking | TWNCERT
Dec | Inside the APCERT Drill: Player, Observers, EXCON and OC Confirmation | AusCERT
Feb 2019 | Digital Forensic Analysis with Free and Open Source Tools | TechCERT
Recent and upcoming Activities
Updated APCERT Operational Framework
• New structure to include Partners
APCERT Information Classification Policy Update
• Updating APCERT Information Classification Policy in line
with the ‘FIRST Standards Definitions and Usage Guidance
— Version 1.0’
Capacity Building Survey
• Survey of members conducted in 2017 to determine APCERT member strengths and gaps
• Capacity Development WG to be established: will use the skills and expertise of APCERT Members/Partners to share experiences and strengthen the APCERT community
Events presented as APCERT Representative:
• The OIC-CERT Annual General Meeting and Annual
Conference
• APRICOT / FIRST TC / AP*
• APEC-TEL
Recent and upcoming Activities
- APCERT Drill
Practice – APCERT Incident Handling Drill
• Conducted annually
• Participation from most of APCERT teams and some external organisations
• A simulation exercise of cyber attacks, including communication checks based on a given scenario
Last Drill: 7 March 2018
• Theme: “Data Breach via Malware on IoT”
• Participating Teams:
  • 27 CSIRTs from 20 economies (APCERT)
  • 5 CSIRTs from OIC-CERT
• Objective/Scenario:
  • Simulated an attack on the medical sector caused by IoT devices being infected with malware
  • Focus on communication rather than technical analysis
Recent and upcoming Activities
- APCERT AGM & Conference
• 2018 APCERT AGM and Conference
  ◦ Date: 21-24 October 2018 in Shanghai
  ◦ Hosted by: CNCERT/CC (China)
  ◦ Theme: “Building Trust in the Digital Economy”
APCERT Annual Report
• Activity reports of APCERT member teams
  ◦ Overview and activities of each team
    - Team reports and statistics on incidents and trends
    - Projects and Activities
• Annual Report 2017 is available online
  ◦ https://www.apcert.org/documents/pdf/APCERT_Annual_Report_2017.pdf
  ◦ 2018 version will be published in April
APCERT General Contact:
apcert-sec@apcert.org
APCERT Website:
https://www.apcert.org
Thank you!
