Although we were not able to gather in Dhaka, Bangladesh for APNIC 50 and organize an in-person FIRST TC like we did at previous APNIC conferences, with the support of the community and friends we were able to run interesting security sessions virtually.
The two FIRST TC sessions at APNIC 50 featured seven presenters from the APNIC region. I had the privilege of moderating the sessions and have summarized the themes as follows (spoiler alert!):
Preparedness
Attackers are always looking for opportunities and will ‘exploit’ the pandemic or any weaknesses to their advantage. It is said that security is a state of being, so preparedness is part of the security improvement journey that organizations need to undertake. Kalana Guniyangoda from TechCERT/LK addressed the importance of preparedness by sharing case studies on ransomware infection in enterprises in Sri Lanka. Chih-Hung Lin and Henry Chu from TWCERT/CC shared their experiences with security incidents observed in Taiwan that related to COVID-19. Also interesting was the role of the national CERT in coordinating incident response and providing awareness to the community.
Detection is prevention
A security incident or breach normally begins with detection. This could be based on proactive monitoring and/or knowledge or threats being executed. Charles Lim from the Swiss German University talked about their Honeynet project for producing threat intelligence that can be consumed by the community. This project was among those to receive an ISIF Asia grant in 2019.
Debashis Pal from BGD eGOV CIRT spoke about the practical aspects of traffic analysis in dissecting and identifying malicious activities. His presentation also showcased the kind of practical knowledge that is important for day-to-day work.
It’s always the DNS
The DNS is a critical piece of the Internet, so it’s not surprising that it’s subjected to abuse. Ha Dao from the Graduate University of Advanced Studies Sokkendai (JP) shared her research on how content providers are (ab)using CNAME to engage in tracking and bypass browser blockers. The DNS, particularly Passive DNS, can also be useful for analysing threats. Swapneel Patnekar gave an introduction on passive DNS techniques and provided a demonstration of how security analysts can use them to their advantage.
Overall, everything went well. Many thanks to all the speakers for the interesting presentations and also thanks to the attendees for making the sessions very engaging. And of course, if you missed it, don’t worry! You can still watch the presentations on YouTube (available at the bottom of this post), or download them from the conference website (links above).
Security Round Up (July – September 2020)
- PaCSON Virtual Workshop
- Adli Wahid delivered a tutorial on how to write Suricata signatures for the PacSON community.
- UCENet/INTERPOL Engagement
- Adli delivered a talk on Linux/Unix malware observed on the APNIC community Honeynet project to the Law Enforcement Agency (LEA) community. The event was jointly organized by ICANN and ARIN.
- SANS DFIR Summit
- Adli participated in this virtual event, along with the digital forensics and incident response community.
- DNS Security from a Client Perspective
- Jamie Gillespie delivered this webinar through the APNIC Academy.
- Security Engagement with the Pakistan Community
- Adli delivered four sessions on security analysis for the Pakistani ISP and telco community. The event was organized by the Pakistan Telecommunication Authority (PTA).
- Asia Pacific Advanced Network virtual conference (APAN 50)
- Jamie delivered a two-day tutorial on Vulnerability Assessment and Penetration Testing for attendees from the Research and Education Network community.
- Jamie was also the Co-Chair for the Security Working Group, and a member of the conference technical committee.
- Security Engagement with the Mongolian Community
- Adli delivered four sessions on log analysis with ELK stack for the ISP security community in Mongolia. The event was facilitated by Tugso from GEMNET.
- UN INCB Expert Group Meeting on Dangerous Substance Trafficking through Social Media and other Internet-related Services
- Jamie attended this five-day meeting and delivered a presentation on how the Internet registry system operates, the APNIC Whois Database, and how APNIC engages with LEAs.
- Security Talk for University Technology Malaysia
- Adli delivered a talk for the School of Computing Universiti Teknologi Malaysia, as part of a conversation with the security practitioners webinar.
- AusCERT Conference 2020
- Jamie and Adli attended the AusCERT virtual Conference. Both were also on the conference program committee.
- Security Tutorial for Women in ICT, Tonga
- Adli delivered a security tutorial for the Women in ICT group in Tonga.
- Asia Pacific Regional Internet Governance Forum (APrIGF)
- Adli was a contributor to the ‘Do cyber norms help or hinder incident response activities’ session, and Jamie observed.
- APCERT Annual General Meeting
- Adli observed the APCERT Annual General Meeting. APNIC has joined APCERT as a Strategic Partner.
You can watch the FIRST security sessions from APNIC 50 below.
The views expressed by the authors of this blog are their own and do not necessarily reflect the views of APNIC. Please note a Code of Conduct applies to this blog.