2. Let’s Connect!
Adli Wahid @ LinkedIn
o Security Engagement
o APNIC Community Honeynet Project
o APNIC Academy: https://academy.apnic.net
3. Security, Now!
• Adversaries / Attackers do not wait
• Incidents in all shapes and sizes
• Lack of Security & Lapse in Security
• Context (Pacific)
• Limited Opportunities
• Important but focus on national level work
o National CERTs/CSIRTs
o National Cyber Security Strategy
4. Mozi Botnet Observation
• Infected devices hitting our honeypots from ASXXXX
• Around 70 IP addresses (since June 2022)
• Infected devices will scan and infect other devices on the internet (via telnet and/or port 80)
• Common Device – Zyxel with port 80 exposed
• Possibly can be exploited (authentication bypass)
• Note: Recursion enabled (possible use for amplification attack)
• Recommendation
• Assessment of Infrastructure (e.g. Shodan.io)
• Get alerts – dash.apnic.net (dashboard)
• Or via Slack
Suspicious Traffic?
dash.apnic.net
5. Security Awareness
• General threats (for everyone)
• Specific for Defenders
o What are we defending against / what’s the impact?
o What does it look like?
o What were the lessons learned?
o How do I set up the controls?
o Who can I trust with XYZ?
• Can’t master overnight
• Continuous process & learning on the job
Do you have security.txt on your website?
www.apnic.net/security.txt
https://securitytxt.org/
6. The Security Community
• Learning Together
• Critical Mass + expanding the community
• Beyond the headlines*
• Developing Trust
• Information Sharing
• General
• Threat Sharing
• Joint Activities / Initiatives
• Link with other Communities (regional / global)
• Getting the right people in the room + checking on who are we missing
• Support/complement other local security initiatives
Q: Have you experienced or seen ransomware or a targeted attack?
No
Defenders
7. Examples
Cyberdefcon Bangladesh (www.cyberdefcon.io)
NZITF
FIRST.org
Just Started 2023 + Annual Conference
Regular Sharing / Meeting & Annual Conf
Active Threat Exchange (MISP)
FS-ISAC JP
Annual Cyber Exercise – CyberQuest
Many more!
https://blog.apnic.net/2017/02/06/cyberquest-incident-handling-exercise-japanese-financial-industry/
8. Summary
• Encourage community building focusing on sharing/learning
• Possible to leverage what is out there (e.g. SITA in WS, TWICT in TO)
• Regular activities, needs a community driver
• Establish rules of engagement (e.g. Traffic Light Protocol)
• CERT/CSIRT of the Last Resort
• APNIC is always happy to support :)