If you are having trouble viewing this email, click here to view this online



   ISSUE 79

26 February 2018

Article of the Month Around the World

Cyber Security Landscape in Sri Lanka


‘International Telecommunication Union (ITU) assesses individual countries commitment towards the implementation of cyber security related initiatives. Among the 193 ITU member countries, Sri Lanka ranked 72 in the Global Cybersecurity Index (GCI) in the year 20166. GCI assesses a country’s overall commitment towards cyber security in relation to six different dimensions, namely (a) legal, (b) technical, (c) capacity building, (d) organizational, and (e) cooperation dimensions6. Our performance in each dimension is assessed and rated either as initiating, maturing, or leading. Sri Lanka’s overall performance is rated as maturing.

a. LEGAL: We are Initiating
Assessed with reference to the existence of legislation on cybercrime and cybersecurity , and legal training.

b. TECHNICAL: We are Maturing
Assessed with reference to the existence of technical institutions and frameworks for dealing with cybersecurity related issues.

c. CAPACITY BUILDING: We are Maturing
Measured based on the existence of research and development, education and training programs, certified professionals and public sector agencies fostering capacity building

d. ORGANIZATIONAL: We are Maturing
Assessed based on the existence of institutions for policy formulation and coordination, and strategies for cybersecurity development at the national level

e. COOPERATION: We are Initiating
Measured based on the existence of partnerships, cooperative frameworks and information sharing networks




Dr. Kanishka Karunasena,

Research and Policy Development Specialist, Sri Lanka CERT

Source: https://www.itu.int/dms_pub/itu-d/opb/str/D-STR-GCI.01-2017-PDF-E.pdf 

























1 Statistics on the Internet growth in Sri Lanka
2.The Dragon Research Group (DRG)
3.TSUBAME (Internet threat monitoring system) from JPCERT | CC
4.Shadowserver Foundation
5. Team Cymru

  Cyber Threat Brief: 2018 Winter Olympics


"...Major events like the Winter Olympics attract a lot of attention from fans all around the world. For three weeks fans will watch in person, on televisions, and online to follow the various competitive events. ..."


Beware of W-2-Related Phishing Scams


"...Reports of spoofed emails that ask for W-2 information is on the rise, according to the IRS office that tracks agency-related phishing attempts.."

  Google Assistant To Learn Dozens of Languages


'...Google Assistant is about to give the term multilingual a whole new meaning.

In a few months the tech giant's digital assistant will be able to help a broader range of people around the world by learning new languages, the company announced Friday....'

Email inboxes still the weakest link in security perimeters



'...Over one-third of all security incidents start with phishing emails or malicious attachments sent to company employees, according to F-Secure.....'

Apple defuses ‘text bomb’ bug


'....Apple has fixed an irritating bug that was apt to wreak havoc on many of the company’s products when they attempted to display a single character from the alphabet of Indian language of Telugu, according to a BBC report....'

Month in Brief
Facebook Incidents Reported to Sri Lanka CERT|CC in January 2018
  Statistics - Sri Lanka CERT|CC


'...Google Project Zero researchers are warning of two critical remote code execution vulnerabilities in popular versions of BitTorrent’s web-based uTorrent Web client and its uTorrent Classic desktop client. According to researchers, the flaws allow a hacker to either plant malware on a user’s computer or view the user’s past download activity....'

Car companies are preparing to sell driver data to the highest bidder

"...The confluence of the technology and automotive industries has given us mobility. It's not a great name, conjuring images of people riding rascal scooters in big box stores or those weird blue invalid carriages that the government handed out in the UK back in the last century. .. .."
Friendly warnings left in unsecured Amazon S3 buckets which expose private data

“..Ethical hackers are warning businesses who use Amazon S3 cloud storage if they have left data exposed for anyone to access… by leaving “friendly warnings” on the servers.....”
Developer gets prison after admitting backdoor was made for malice

."...An Arkansas man has been sentenced to serve almost three years in federal prison for developing advanced malware that he knew would be used to steal passwords, surreptitiously turn on webcams, and conduct other unlawful actions on infected computers....."

Notice Board
  Training and Awareness Programmes - February  2018

Brought to you by: