APNIC Senior Internet Security Specialists Adli Wahid discusses ways the community can collaborate to prevent and mitigate cyber attacks.

1. Empowering the Community
to Enhance Cyber Security
Adli Wahid
Senior Internet Security Specialist

2. Let’s Connect!
Adli Wahid @ LinkedIn
o Security Engagement
o APNIC Community Honeynet Project
o APNIC Academyc https://academy.apnic.net

3. Security, Now!
• Adversaries / Attackers do not wait
• Incidents in all shapes and sizes
• Lack of Security & Lapse in Security
• Context (Pacific)
• Limited Opportunities
• Important but focus on national level
work
o National cert/csirts
o National Cyber Security Strategy

4. Mozi Botnet Observation
• Infected devices hitting our honeypots from ASXXXX
• Around 70 IP addresses (since June 2022)
• Infected devices will scan and infect other devices on the
internet (via telnet and/or 80)
• Common Device – Zyxel with port 80 exposed
• Possibly can be exploited (authentication bypass)
• Note: Recursion enabled (possible use for amplification
attack)
• Recommendation
• Assessment of Infrastucture (i.e. Shodan.io)
• Get alerts – dash.apnic.net (dashboard)
• Or via Slack
Suspicious Traffic?
dash.apnic.net

5. Security Awareness
• General threats (for everyone)
• Specific for Defenders
oWhat are we defending against / what’s the impact?
oHow does it look like?
oWhat was the lessons learned?
oHow do I setup the controls?
oWho can I trust with XYZ
• Can’t master over night
• Continuous process & learning on the job
Do you have security.txt on
your website?
www.apnic.net/security.txt
https://securitytxt.org/

6. The Security Community
• Learning Together
• Critical Mass + expanding the community
• Beyond the headlines*
• Developing Trust
• Information Sharing
• General
• Threat Sharing
• Joint Activities / Initiatives
• Link with other Communities (regional / global)
• Getting the right people in the room + checking on who are we missing
• Support/complement other local security initiatives
Q: Have you
experienced or seen
ransomware or a
targeted attack?
No
Defenders

7. Examples
Cyberdefcon
Bangladesh
www.cyberdefcon.
io
NZITF FIRST.org
Just Started 2023
+ Annual
Conference
Regular Sharing /
Meeting & Annual Conf
Active Threat
Exchange (MISP)
FS-ISAC JP
Annual Cyber
Exercise –
CyberQuest
Many more!
https://blog.apnic.net/2017/02/06/cybe
rquest-incident-handling-exercise-
japanese-financial-industry/

8. Summary
• Encourage community building focusing sharing/learning
• Possible to leverage what is out there (i.e. SITA in WS, TWICT in TO)
• Regular activities, needs a community driver
• Establish rules of engagement (i.e. traffic light protocol)
• CERT/CSIRT of the Last Resort
• APNIC is always happy to support J

9. Thank You
Adli Wahid
adli@apnic.net