Common themes in cyber attacks and what they mean for defenders' presentation by Adli Wahid for Cyberdefcon Bangladesh held on 21 January in Lakeshore Gulshan, Bangladesh.

1. Common
Themes in Cyber
Attacks & What
They Mean for
Defenders
Adli Wahid
APNIC
TLP: Green
1

2. Let’s Connect!
• Background
o Academia
o National CERT (MYCERT / Cyber Security
Malaysia)
o FI – BTMU
o Community – FIRST, INTERPOL/LEA etc
• LinkedIn: Adli Wahid
• Twitter/Instagram: @adliwahid
2

3. There’s Lots To Talk About
Recent
Breaches
Your Breach
3

4. Underlying Themes
• ’Same old thing’ tactic-wise
oTold in the form of
‘frameworks’ ☺
• Managing Security -
Technical & Non-Technical
issues
• Scary prospect – adversaries
move faster & accomplish
goals
Quick Story #1
2007 –
Anti-Phishing Working Group
4
Cryptominer & Attacker Infrastructure
4/2021 - 2023

5. Defending
Imperfect
Systems
Lack or Lapse in Security (PPT)
Designed without real security context
Interdependencies – outside your control
Incomplete Knowledge & Expertise
5

6. Defending
in An
Imperfect
Ecosystem
Consequences of Action or Inaction
Law Enforcement Capabilities **
Fire-Fighting Mode
Defending in Silos
6

7. Defending in
Silos
• The Stigma of Sharing
• Key Idea:
o Defending the smallest unit /
element
o Strengthening the most ‘less
capable’ team
7

8. Cyber Defenders Unite!
Quick Story #2
8

9. Why Defenders?
insights/intel
insights/intel
9

10. The Cyber Defenders Unite!
• Strengthening the Community
• Collaboration is not optional
• Main-streaming the perspective of cyber
defense and related issues
• Insights to help visualize problem + drive action
• TI yes, but attackers & attackers Infrastructure
plus more
• (Strategic) Engagement with other
stakeholders
Story #3
National Cyber
Drill (X-Maya)
Low Moderate Moderate Caution High Caution
9:00:00 10.30 am 12:30:00 14:12:00 15.07:00 PM 15:53:00
National Cyber Threat Level
10

11. Community Building
• Trust & Ethics
• Keeping the momentum (diversify
activities but practical)
• Champions/ambassadors/leaders
• Pitching in – resources and expertise
• Building and enhancing tools for everyday
use
oMISP, Yara, Sigma, and many other Open
Source Tools
• Reaching out to other communities
o(FIRST, APCERT, NZITF, JCSC, FS-ISACS etc)
11

12. MISP – www.misp-project.org
MISP instance 1 MISP instance 2
User 1 User 2 User 3
User 1 User 2 User 3
12

13. Reality Check - Who is not in
the room?
• Be Optimistic but Lower Your
Expectations ☺
• Series of activities & see
what happens next
• Build the core, trust within
the community and move
forward
13

14. Thank you &
Let’s Do This!
@adliwahid
14