Security teams wrap up anti-cyber attack drill

[InfoSec News <alerts () infosecnews org>]

http://www.sundayobserver.lk/2012/02/19/new20.asp

By Manjula FERNANDO
Sunday Observer
19 February 2012

The leading computer security response teams in Sri Lanka completed a 
drill to test response capability of their systems last week in a joint 
cross-border action organised by the Asia Pacific Computer Emergency 
Response Team (APCERT) headquartered in Japan.

Titled "Advance Persistent Threats and Global Coordination", the drill 
this year was attended by 24 response teams in 19 Asia Pacific 
countries, which was conducted for five hours from 8.00 a.m. to 1.00 
p.m.

"We simulated a real life attack on the Internet. During the drill, 
their communication, analytical and problem-solving skills were 
evaluated," Manager, Product Development, Janantha Marasinghe of 
TechCERT, the network which acted as the head of organising committee 
and the exercise control in the drill told the Sunday Observer .

The drill created a virtual world with a defence contractor as the 
target of the cyber attack.

One of the employees of this establishment, which deals with highly 
classified and sensitive data, receives a physhing e-mail (a mail that 
can steal important data in your computer). It was not detected until 
the company receives an anonymous call later that day saying their data 
has been published in a website.

The task was to identify and neutralize the threat.

The objective of the drill was to exercise incident response handling 
arrangements locally and internationally to mitigate the impact of 
Advance Persistent Threats (APT). APT involve large scale 'malicious 
software' propagation and attacks capable of impairing the critical 
infrastructure and economic activities (Banks).

"The APT advanced persistent threat is like a 'kottu' of several 
different attacks. It can be a combination of physhing, cross site 
scripting, etc, etc," Marasinghe said.

Last year there has been several major APT attacks on the Internet 
crippling major establishments.

These were in the EU, the US and China, etc. Sri Lanka has not 
experienced such attacks so far but remains vulnerable.

Both SLCERT and TechCERT the two cyber security response teams in Sri 
Lanka participated in the drill.

APCERT is a contact network of computer security networks in the Asia 
Pacific and is chaired by Japan computer emergency response team.

Marasinghe said they plan to do domestic drills like this every year 
with banks and other vulnerable establishments.

"We felt the Sri Lankan teams were taking more time on the analytical 
stuff. This is an area that needs to be improved but on the whole Sri 
Lanka's preparedness was comparatively good."

The countries took part in the drill were Australia, Bangladesh, 
People's Republic of China, Chinese Taipei, Hong Kong, India, Indonesia, 
Japan, Korea, Macao, Malaysia, Myanmar, Singapore, Sri Lanka, Thailand 
and Vietnam, Tunisia, Egypt and Pakistan.

TechCERT, a division of LK domain registry was appointed as the head of 
cyber security drill organising committee. It was tasked with scenario 
development, drill preparation co-ordination and 'artifact' development.


______________________________________________________________________________
Learn how to be a Pen Tester or a CISSP with Expanding Security online. Get
a free class invitation and see how good and fun the program really is.
http://www.expandingsecurity.com/PainPill