2. Let's Connect!
Adli Wahid @ LinkedIn
o Security Engagement
o APNIC Community Honeynet Project
o APNIC Academy https://academy.apnic.net
3. Security, Now!
• Adversaries / Attackers do not wait
• Incidents in all shapes and sizes
• Lack of Security & Lapse in Security
• Context (Pacific)
• Limited Opportunities
• Important but focus on national level work
o National CERTs/CSIRTs
o National Cyber Security Strategy
4. Mozi Botnet Observation
• Infected devices hitting our honeypots from ASXXXX
• Around 70 IP addresses (since June 2022)
• Infected devices will scan and infect other devices on the internet (via telnet and/or port 80)
• Common Device - Zyxel with port 80 exposed
• Possibly can be exploited (authentication bypass)
• Note: Recursion enabled (possible use for amplification attack)
• Recommendation
• Assessment of Infrastructure (e.g. Shodan.io)
• Get alerts - dash.apnic.net (dashboard)
• Or via Slack
Suspicious Traffic?
dash.apnic.net
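One way an operator could look for the scanning behaviour described on the Mozi slide in their own flow data. This is an added example, not part of the original slides or APNIC's tooling; the flow record format, the prefix, the function names and the thresholds are assumptions, and the sample records are constructed.

```python
import ipaddress
from collections import defaultdict

def build_sample():
    """Constructed flow records (not real traffic): 'src dst dport tcp_flags'."""
    flows = []
    # 192.0.2.10 acts like an infected CPE: SYN-only probes to many hosts.
    for i in range(1, 41):
        flows.append(f"192.0.2.10 198.51.100.{i} {23 if i % 2 else 80} S")
    # 192.0.2.20 is an ordinary client with a few completed web sessions.
    for i in range(1, 4):
        flows.append(f"192.0.2.20 203.0.113.{i} 80 SAPF")
    # Source outside our own prefix: inbound probe, ignored here.
    flows.append("203.0.113.99 192.0.2.10 23 S")
    flows.append("malformed line")
    return flows

def find_scanners(lines, own_prefix, ports=(23, 80), min_targets=20, min_syn_ratio=0.9):
    """Return own-prefix sources probing many distinct hosts on telnet/HTTP.

    Thresholds are assumed starting points, not values from the slides.
    """
    net = ipaddress.ip_network(own_prefix)
    targets, total, syn_only = defaultdict(set), defaultdict(int), defaultdict(int)
    for line in lines:
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed records
        src, dst, dport, flags = parts
        try:
            in_scope = ipaddress.ip_address(src) in net and int(dport) in ports
        except ValueError:
            continue
        if not in_scope:
            continue
        total[src] += 1
        targets[src].add(dst)
        if flags == "S":  # SYN with no handshake completion seen
            syn_only[src] += 1
    hits = {}
    for src, dsts in targets.items():
        ratio = syn_only[src] / total[src]
        if len(dsts) >= min_targets and ratio >= min_syn_ratio:
            hits[src] = {"targets": len(dsts), "syn_only_ratio": round(ratio, 2)}
    return hits

if __name__ == "__main__":
    for src, info in find_scanners(build_sample(), "192.0.2.0/24").items():
        print(src, info)
```

Requiring both many distinct targets and a high SYN-only ratio keeps busy but legitimate clients, such as a web proxy, out of the result.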
5. Security Awareness
• General threats (for everyone)
• Specific for Defenders
o What are we defending against / what's the impact?
o What does it look like?
o What were the lessons learned?
o How do I set up the controls?
o Who can I trust with XYZ?
• Can't master overnight
• Continuous process & learning on the job
Do you have security.txt on your website?
www.apnic.net/security.txt
https://securitytxt.org/
6. The Security Community
• Learning Together
• Critical Mass + expanding the community
• Beyond the headlines*
• Developing Trust
• Information Sharing
• General
• Threat Sharing
• Joint Activities / Initiatives
• Link with other Communities (regional / global)
• Getting the right people in the room + checking on who are we missing
• Support/complement other local security initiatives
Q: Have you experienced or seen ransomware or a targeted attack?
No
Defenders
7. Examples
Cyberdefcon Bangladesh
www.cyberdefcon.io
NZITF FIRST.org
Just Started 2023 + Annual Conference
Regular Sharing / Meeting & Annual Conf
Active Threat Exchange (MISP)
FS-ISAC JP
Annual Cyber Exercise - CyberQuest
Many more!
https://blog.apnic.net/2017/02/06/cyberquest-incident-handling-exercise-japanese-financial-industry/
8. Summary
• Encourage community building focusing on sharing/learning
• Possible to leverage what is out there (e.g. SITA in WS, TWICT in TO)
• Regular activities, needs a community driver
• Establish rules of engagement (e.g. traffic light protocol)
• CERT/CSIRT of the Last Resort
• APNIC is always happy to support :)