ARM 7: ThaiCERT Operations and Priorities

Martijn van der Heide from ThaiCERT outlines the work of the CERT.

Published in: Internet

  1. ThaiCERT – Operations and Priorities
  2. ThaiCERT Services
     National CERT Mission - Maintain a national point of contact for computer security threats and reduce the number of security incidents perpetrated from or targeted at systems in that country.
       • Malware Lab & Digital Forensics Center
       • Threat Analysis Team
       • Incident Response Team
       • Capacity Building and Compliance Team
     List of Common CSIRT Services, Handbook for Computer Security Incident Response Teams (CSIRTs), SEI, CMU
     Proprietary and Confidential
  3. ThaiCERT ThreatWatch System
     1. Gather raw incident reports
     2. Normalize, lookup, categorize, etc.
     3. Generate a normalized report
     4. Distribute the sanitized report to the ISPs via web portal
     Diagram labels: Web Defacement, Blogs, CERT/CSIRT Partners, Raw, Normalized, Threat Watch System, ISPs
  4. Incident Statistics 2014
     ThaiCERT handled 4,008 incidents. 2,016 incidents (50.3%) were discovered by ThaiCERT ThreatWatch System.
     Report by Incident Type:
       • Malicious code 1,735 (43.3%)
       • Fraud (Phishing) 1,010 (25.2%)
       • Intrusion 711 (17.7%)
     Top requestors by country (chart): United States, ThaiCERT, Germany; values shown: 12%, 14.6%, 50.3%
  5. Web Defacement Statistics in ASEAN 2014
     [Chart: monthly counts, Jan to Dec, for Brunei, Cambodia, Indonesia, Laos, Malaysia, Myanmar, Philippines, Singapore, Thailand and Vietnam]
     Note: Data collected from public defacement databases by ThaiCERT ThreatWatch System
  6. Alert & Coordination (since ’12) Public and Private Sectors/ CERT/CSIRT Partners Ticketing and Analysis (’12-’15) Monitoring and Detection (’13’15) Threat Threat Alert Thailand Internet Community Public / Private Sectors Regulator Law enforcements (’13-’14) Internet Malware & Vulnerability Scanner (’15) Cyber Threat Detection for Government Agencies Protection Protection (’15) (’15) Web and DDoS Firewall for Government Agencies Traffic Flows Data Center Legitimate web traffics Known Malicious & DDoS Traffics Legitimate web traffics Threat Detection info ThaiCERT Government Monitoring System (GMS) Monitoring and Analysis
  7. Capacity Building Activities – Local Certification
     Information Security Expert Certification (72 certificate holders)
     Level, Test Score, Certificates, Work experience:
       • Advanced: Greater than 80%; iSEC-M3 or iSEC-T3; At least 5 years
       • High: Greater than 70%; SEC-M2 or iSEC-T2; At least 3 years
       • Basic: Greater than 60%; SEC-M1 or iSEC-T1; At least 1 year
  8. Capacity Building Activities - Training
     Technical Security; Security Management; Mobile Forensics
     About 200 security practitioners from both public and private sectors were trained by ThaiCERT.
  9. ThaiCERT Incident Drill for Fin sector & ISPs
     “To enhance the communication and participating teams’ incident response capabilities and cooperation between teams”
     Malware Analysis
     Objectives:
       • Practice incident handling coordination between the banks, ISPs and ThaiCERT
       • Assess advanced technical skills such as malware analysis
  10. Malware Analysis Competition 2014 (MAC2014)
      “To raise interest of IT security for university students in Thailand and development of in-demand skill of malware analysis”
        • Organized by ThaiCERT and JPCERT/CC
        • Participation of 13 Teams from 9 universities in Bangkok
        • 3 Days of Training + Final Day for competition
        • For the competition, teams need to analyze the behavior of malware and present the result skillfully in order to win the prize (a trip to join APCERT AGM 2015)
  11. Press Conference/ Release
        • January 2014, D-Link Rom-0 vulnerability
        • April 2014, Heartbleed
        • May 2014, 0-day IE 6- IE 11
        • August 2014, Android Trojan (SMS)
        • September 2014, 0-days
        • September 2014, ShellShock
        • October 2014, Poodle
  12. Publication
  13. Case study: Phishing without e-mail (Phishing on Adsense)
        • URL: kasikornbankgroup.ru
        • First Found: 6/3/58
        • Hosted in Latvia
        • Feb 25: Registered phishing domain
        • Mar 6: Phishing site first found
  14. ThaiCERT/ETDA’s new home
  15. +66-2-123-1212
        • Report Incident: report@thaicert.or.th (KeyID: 0xF2CB3EE1)
        • General Inquiry: office@thaicert.or.th (KeyID: 0x52D48426)