This is just a drill

APCERT holds cyber drill to stress-test response capabilities of 32 CSIRTs

Computer Security Incident Response Teams (CSIRTs) from across Asia-Pacific, the Middle East, and Africa have road-tested their incident response capabilities during an ambitious international cyber-attack simulation.

Organized by APCERT – the Asia-Pacific Computer Emergency Response Team – the annual cyber drill tasked 32 CSIRTs with helping a fictional local business respond to a malware infection and data breach, according to a press release (PDF) from APCERT.

This year’s eight-stage exercise, which concluded on March 11, saw teams collaborate with each other and various external organizations in taking down the cybercriminals’ infrastructure, analyzing malicious code, and notifying and assisting affected parties.

Of 32 teams participating in the 2020 event, whose theme was ‘Banker doubles down on Miner’, nine security response teams completed the task on time, according to a press release from Taiwan’s national Computer Emergency Response Team (TWNCERT).

However, the APCERT steering committee has emphasized that the drill is a dress rehearsal, not a competition.

“It is an inter border collaborative initiative among the members and partners to test the incident handling processes and communication of each team such as conducting analysis, security advisories, request for shutdown, etc. according to the drill scenarios,” the steering committee told The Daily Swig.

“The APCERT drill organizer will formulate cyber threat scenarios as close as possible to the present-day situation. This will assist the team preparedness in mitigating real life cyber threats as best as possible.”

Twenty-five CSIRTs from 19 Asia-Pacific countries (operating under the APCERT umbrella) took part in the simulation, together with seven from the Middle East (under OIC-CERT) and Africa (AfricaCERT).

Represented countries from the Asia-Pacific region included Australia, Bangladesh, Brunei Darussalam, China, Taiwan, Hong Kong, India, Indonesia, Japan, South Korea, Laos, Macau, Malaysia, Myanmar, New Zealand, Singapore, Sri Lanka, Thailand, and Vietnam.

Joining from outside the region were CSIRTs from Benin, Egypt, Jordan, Morocco, Nigeria, Pakistan, and Tunisia.

APCERT’s core mission – fostering expertise and intelligence sharing between 30 CSIRTs in 21 countries – is critical to bridging capability gaps between CERTS born of differing financial and human resources, and national regulations, said the committee.

APCERT had recently helped members share information on Covid-19-related cybercrime “on a real time basis”, they said, with coordination pivotal to halting a spate of “reflection DDoS attacks” by tracing the locations of server IP addresses to several countries.

YOU MIGHT ALSO LIKE Cryptojacking campaign infects up to 3,000 Windows machines a day