Common themes in cyber attacks and what they mean for defenders' presentation by Adli Wahid for Cyberdefcon Bangladesh held on 21 January in Lakeshore Gulshan, Bangladesh.
2. Letâs Connect!
⢠Background
o Academia
o National CERT (MYCERT / Cyber Security
Malaysia)
o FI â BTMU
o Community â FIRST, INTERPOL/LEA etc
⢠LinkedIn: Adli Wahid
⢠Twitter/Instagram: @adliwahid
2
4. Underlying Themes
⢠âSame old thingâ tactic-wise
oTold in the form of
âframeworksâ âş
⢠Managing Security -
Technical & Non-Technical
issues
⢠Scary prospect â adversaries
move faster & accomplish
goals
Quick Story #1
2007 â
Anti-Phishing Working Group
4
Cryptominer & Attacker Infrastructure
4/2021 - 2023
5. Defending
Imperfect
Systems
Lack or Lapse in Security (PPT)
Designed without real security context
Interdependencies â outside your control
Incomplete Knowledge & Expertise
5
7. Defending in
Silos
⢠The Stigma of Sharing
⢠Key Idea:
o Defending the smallest unit /
element
o Strengthening the most âless
capableâ team
7
10. The Cyber Defenders Unite!
⢠Strengthening the Community
⢠Collaboration is not optional
⢠Main-streaming the perspective of cyber
defense and related issues
⢠Insights to help visualize problem + drive action
⢠TI yes, but attackers & attackers Infrastructure
plus more
⢠(Strategic) Engagement with other
stakeholders
Story #3
National Cyber
Drill (X-Maya)
Low Moderate Moderate Caution High Caution
9:00:00 10.30 am 12:30:00 14:12:00 15.07:00 PM 15:53:00
National Cyber Threat Level
10
11. Community Building
⢠Trust & Ethics
⢠Keeping the momentum (diversify
activities but practical)
⢠Champions/ambassadors/leaders
⢠Pitching in â resources and expertise
⢠Building and enhancing tools for everyday
use
oMISP, Yara, Sigma, and many other Open
Source Tools
⢠Reaching out to other communities
o(FIRST, APCERT, NZITF, JCSC, FS-ISACS etc)
11
13. Reality Check - Who is not in
the room?
⢠Be Optimistic but Lower Your
Expectations âş
⢠Series of activities & see
what happens next
⢠Build the core, trust within
the community and move
forward
13