'Common themes in cyber attacks and what they mean for defenders', a presentation by Adli Wahid for Cyberdefcon Bangladesh, held on 21 January in Lakeshore Gulshan, Bangladesh.
2. Let’s Connect!
• Background
o Academia
o National CERT (MYCERT / Cyber Security Malaysia)
o FI – BTMU
o Community – FIRST, INTERPOL/LEA etc
• LinkedIn: Adli Wahid
• Twitter/Instagram: @adliwahid
4. Underlying Themes
• ‘Same old thing’ tactic-wise
o Told in the form of ‘frameworks’ ☺
• Managing Security - Technical & Non-Technical issues
• Scary prospect – adversaries move faster & accomplish goals
Quick Story #1
2007 – Anti-Phishing Working Group
Cryptominer & Attacker Infrastructure
4/2021 - 2023
5. Defending Imperfect Systems
Lack or Lapse in Security (PPT)
Designed without real security context
Interdependencies – outside your control
Incomplete Knowledge & Expertise
10. The Cyber Defenders Unite!
• Strengthening the Community
• Collaboration is not optional
• Main-streaming the perspective of cyber defense and related issues
• Insights to help visualize problem + drive action
• TI yes, but attackers & attackers' infrastructure plus more
• (Strategic) Engagement with other stakeholders
Story #3
National Cyber Drill (X-Maya)
[Chart: National Cyber Threat Level]
Levels shown: Low Moderate Moderate Caution High Caution
Times shown: 9:00:00, 10.30 am, 12:30:00, 14:12:00, 15.07:00 PM, 15:53:00
11. Community Building
• Trust & Ethics
• Keeping the momentum (diversify activities but practical)
• Champions/ambassadors/leaders
• Pitching in – resources and expertise
• Building and enhancing tools for everyday use
o MISP, Yara, Sigma, and many other Open Source Tools
• Reaching out to other communities
o (FIRST, APCERT, NZITF, JCSC, FS-ISACS etc)
13. Reality Check - Who is not in the room?
• Be Optimistic but Lower Your Expectations ☺
• Series of activities & see what happens next
• Build the core, trust within the community and move forward