If you are having trouble viewing this email, click here to view this online

 

VOLUME 66

   ISSUE 66

20 January 2017

Article of the Month Around the World

Sri Lanka CERT|CC trains Bhutan Computer Incident Response Team (BtCIRT)

 

 

Sri Lanka CERT|CC, the national center for cyber security in Sri Lanka, recently undertook an assignment to train the staff of Bhutan’s national CERT.
Bhutan Computer Incident Response Team (BtCIRT) is a part of the Department of Information Technology and Telecom, Ministry of Information and Communication of Bhutan. The team commenced operations in April 2016.
 


On the request of Bhutan’s Ministry of Information and Communication, Sri Lanka CERT|CC invited Bhutan CERT staff for a 4 day training programme on CERT operations. Five Bhutan CERT staff were trained under this programme. The training commenced on 26th December 2016 at Sri Lanka CERT’s offices, and all the training was conducted by Sri Lanka CERT|CC staff. The training consisted of in-house experience sharing sessions as well as high-level technical sessions relating to Incident handling, Vulnerability Assessment, Penetration Testing and Digital Forensics Investigations, as well as Information Security Policy Formulation and Implementation.

 

 

Sri Lanka CERT|CC is a Member of the Asia Pacific Computer Emergency Response Team (APCERT) and the Forum of Incident Response and Security Teams (FIRST).


As an active and long-time Operational Member of APCERT, Sri Lanka CERT|CC is expected to perform certain tasks within the community, such as participating in regional incident response drills, signing up for APCERT initiated security projects, sharing threat intelligence, and building and maintaining contact with other APCERT members.
 

Additionally, Sri Lanka CERT|CC supports newly established CERT teams in the region to develop their capabilities and obtain membership of APCERT and FIRST. Earlier this year (2016) Sri Lanka CERT helped Tonga CERT officials with in-house experience sharing sessions, that eventually led to the establishment of Tonga’s national CERT. A similar assignment was undertaken in November 2016, when Sri Lanka CERT|CC sponsored Bangladesh’s application for Asia Pacific CERT membership, by carrying out a comprehensive audit of Bangladesh national CERT’s operations.


Founded in 2006, the Sri Lanka Computer Emergency Readiness Team | Coordinating Centre (Sri Lanka CERT|CC), is Sri Lanka’s National CERT and a fully owned subsidiary of ICTA under the supervision of the Ministry of Telecommunications and Digital Infrastructure. It is mandated with the task of protecting Sri Lanka’s Information and Information Systems infrastructure. Its services range from responding to and investigating information security breaches, to preventing security breaches by way of awareness creation, security assessments and security capability building. It is a member and the national point of contact, for both the Asia Pacific Computer Emergency Response Team (APCERT) and the Forum of Incident Response Security Teams (FIRST), which are regional and global associations respectively, formed to coordinate security efforts between nations.

 

Learn more at www.cert.gov.lk
 

 

 

 

 

 

 

 

 

 

 


 




 

 

 

 

 

 

 

 

 

 

 

 

References

1 Statistics on the Internet growth in Sri Lanka
http://www.trc.gov.lk/images/pdf/
statis_sep_2012.doc
2.The Dragon Research Group (DRG)
http://www.dragonresearchgroup.org/
3.TSUBAME (Internet threat monitoring system) from JPCERT | CC
https://www.jpcert.or.jp/english/tsubame/
4.Shadowserver Foundation
http://www.shadowserver.org/wiki/
5. Team Cymru
http://www.team-cymru.com
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

 
  
  Cyber-savvy New Year’s resolutions you’ll want to keep
  

   "....For many, the New Year is a great time for starting afresh and improving on behaviors and actions from the previous year. As a result, many of us turn our attention to New Year’s resolutions – setting goalposts for the year ahead. While losing weight, quitting smoking or hitting the gym are all popular resolutions, it’s worth giving thought to your relationship with technology too....."
 

The economics of ransomware revealed

  

"...70 percent of businesses infected with ransomware have paid ransom to regain access to business data and systems. In comparison, over 50 percent of consumers surveyed said they would not pay to regain access back to personal data or devices aside from financial data, according to IBM Security..."

  The 10 biggest security incidents of 2016
   

'...2016 has been a challenging year for politics, public sanity and celebrity longevity, but also, for individuals and companies, a testing time in terms of online security. Pitted against increasingly sophisticated and targeted cybercriminals, it’s not been easy going, as these notable security incidents from the past 12 months reveal.....'

Intel Core i7-7700K Kaby Lake review: Is the desktop CPU dead?

   

  

'....The Intel Core i7-7700K is what happens when a chip company stops trying. The i7-7700K is the first desktop Intel chip in brave new post-"tick-tock" world—which means that instead of major improvements to architecture, process, and instructions per clock (IPC), we get slightly higher clock speeds and a way to decode DRM-laden 4K streaming video. Huzzah.......'

5 disruptive technologies to track in 2017

  

'....Digital transformation is sparking change on many fronts, which means IT professionals have a lot to tackle as they head into 2017.

As part of this march toward IT-driven reinvention, tech leaders are keeping watch on several emerging technologies that they believe will be catalysts for long-term innovation.....'

Month in Brief
Facebook Incidents Reported to Sri Lanka CERT|CC in December 2016
     
  Statistics - Sri Lanka CERT|CC

Police mull gathering crime evidence from smart home devices

'...Detectives are being trained to process data gathered from Internet of Things (IoT) “smart” devices for use in criminal investigations, Scotland Yard’s forensic head Mark Stokes has told The Times.

Internet-enabled fridges, toasters, washing machines and coffee makers have endured a mixed press – security flaws that render them potentially hackable have been a recurring theme recently – but to police the forensic opportunity is the real deal....'

Google Researcher Finds Certificate Flaws in Kaspersky Products

"...Google Project Zero researcher Tavis Ormandy has discovered two serious certificate-related issues in Kaspersky Lab’s anti-malware products. The flaws were addressed by the security firm in late December.

The first vulnerability, rated “critical” by Ormandy, is related to how Kaspersky Antivirus inspects SSL/TLS connections. According to the expert, Kaspersky uses a Windows Filtering Platform driver to intercept outgoing HTTPS connections...."
Chinese hackers of NY law firms charged

“...After hacking their way into the networks of seven law firms and siphoning out data that was used in making $4 million profit in trades, three Chinese men were hit with charges and one was arrested......”
FOUR NEW NORMALS FOR 2017

Let’s not talk about cybersecurity predictions for 2017. Let’s talk instead about new normals, things that have ceased to be novel because, well, they happen all the time and everywhere.

Let’s concede that things such as greedy ransomware, imposing IOT botnets, high-profile bug bounties and bug-buying-and-selling governments aren’t going away. They can’t be fixed; won’t be swayed; are part of the landscape; insert your favorite cliché here.'

 
Notice Board
  Training and Awareness Programmes - January  2017
  
DateEventVenue
10th to 11th January University Grants Commission, Colombo 07 Awareness program on student admission procedure for State Universities – Sinhala medium
16th January University Grants Commission, Colombo 07 Awareness program on student admission procedure for State Universities – Tamil medium
23rd to 27th January Meepe, Leadership Training Center, A/L Syllabus Training

Brought to you by: