No, most ASEAN countries are not ready for “serious cybersecurity.” Cybersecurity requires a persistent and consistent rhythm of action that fixes known security risks. Public-benefit, non-profit cyber civil defense organizations like the Shadowserver Foundation, CyberGreen, and others deliver actionable cyber-risk reporting as a public benefit. Yes, these reports are free to any organization seeking to reduce its cyber-risk. Yet these free reports are ignored. It is no surprise when organizations and governments get hacked.
How bad is it?
Poor cybersecurity hygiene, a lack of daily cyber health actions, and ignoring best common practices make accessing networks throughout ASEAN easy for any threat actor. This includes many government and critical infrastructure organizations that have dedicated teams working to protect them.
The best way to see this risk is by exploring the Shadowserver Foundation’s Dashboard. This figure lists all the devices communicating with one of the Shadowserver Foundation’s Sinkholes. Sinkholing is a “malware takedown” technique that captures the Command & Control (C&C) infrastructure used by the malware. The C&C controls the malware, and the malware regularly reaches out to the C&C for instructions.

Sinkhole operations are a collective action to replace the C&C. Once the C&C is replaced, every infected device is easily seen as it “calls home” to the sinkhole. The Shadowserver Foundation is one organization that hosts Sinkhole services, helps other organizations conduct Sinkhole Operations, and works with peers in the community on their Sinkhole operations.
The Shadowserver Foundation then sends daily alerts to organizations whose networks contain malware talking to the sinkholed C&C. These daily alerts are detailed enough for an organization to correlate them with its firewall/NAT logs and find the specific device. That organization can then open an incident and take action.
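The correlation step described above, as an added example that is not code from the author or from the Shadowserver Foundation: a sinkhole victim-notification row gives the public (post-NAT) IP, source port, sinkhole destination and timestamp, and the firewall’s NAT translation log is what maps that back to the inside host. The report columns and the NAT log line format here are constructed assumptions, not the real report schema or any vendor’s log format.

```python
import csv
import io
import re
from datetime import datetime
# Constructed, simplified victim-notification rows. These column names are an
# assumption for this example, not Shadowserver's actual report schema.
SINKHOLE_REPORT = """timestamp,src_ip,src_port,dst_ip,dst_port,infection
2024-03-04 02:15:07,203.0.113.10,51744,198.51.100.5,80,mebroot
2024-03-04 02:15:09,203.0.113.10,51802,198.51.100.5,80,mebroot
2024-03-04 03:40:21,203.0.113.10,40311,198.51.100.5,80,mebroot
"""
# Constructed NAT translation log in a made-up format; the last line reuses
# public port 51744 hours later, a decoy that only the time window rules out.
NAT_LOG = """2024-03-04 02:15:06 NAT 10.20.1.17:49210 -> 203.0.113.10:51744 dst 198.51.100.5:80
2024-03-04 02:15:08 NAT 10.20.1.17:49211 -> 203.0.113.10:51802 dst 198.51.100.5:80
2024-03-04 02:15:08 NAT 10.20.7.3:52000 -> 203.0.113.10:51900 dst 192.0.2.44:443
2024-03-04 03:40:20 NAT 10.20.1.42:60123 -> 203.0.113.10:40311 dst 198.51.100.5:80
2024-03-04 09:02:44 NAT 10.20.3.9:55555 -> 203.0.113.10:51744 dst 198.51.100.5:80
"""
NAT_RE = re.compile(
    r"^(?P<ts>\S+ \S+) NAT (?P<in_ip>[\d.]+):\d+ -> "
    r"(?P<pub_ip>[\d.]+):(?P<pub_port>\d+) dst (?P<dst_ip>[\d.]+):(?P<dst_port>\d+)$"
)

def parse_ts(text):
    return datetime.strptime(text, "%Y-%m-%d %H:%M:%S")

def find_infected_hosts(report_csv, nat_log, window_seconds=60):
    """Map each sinkhole hit back to the inside host that owned the NAT entry.
    A hit matches when public IP/port and sinkhole IP/port agree and the NAT
    entry was logged within window_seconds of the report time; the window
    matters because public source ports get reused throughout the day."""
    nat_entries = []
    for line in nat_log.splitlines():
        m = NAT_RE.match(line)
        if m:
            entry = m.groupdict()
            entry["ts"] = parse_ts(entry["ts"])
            nat_entries.append(entry)
    hits = {}
    for row in csv.DictReader(io.StringIO(report_csv)):
        report_ts = parse_ts(row["timestamp"])
        for n in nat_entries:
            same_flow = (n["pub_ip"], n["pub_port"], n["dst_ip"], n["dst_port"]) == (
                row["src_ip"], row["src_port"], row["dst_ip"], row["dst_port"])
            if same_flow and abs((n["ts"] - report_ts).total_seconds()) <= window_seconds:
                hits.setdefault(n["in_ip"], set()).add(row["infection"])
    # Returns {inside_ip: [malware families]}, one incident ticket per host.
    return {ip: sorted(fams) for ip, fams in sorted(hits.items())}
```

With the constructed data this yields two inside hosts to quarantine and leaves out the 09:02 entry that merely reused the same public port; widen the window carelessly and that unrelated host becomes a false positive.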

Is minimizing cyber-risk hard?
One story I always share so people understand how easy this is goes back to my Juniper Networks days. In those days, the Shadowserver reports were emails every day. One day, back when I was Juniper Networks’ SIRT Director, I got a new report on the Torpig botnet (also called Sinowal or Mebroot). It is now part of the “victim notification” of a malware takedown. 19 computers were listed as “infected” and talking to the Torpig/Mebroot Sinkhole.
My first thought was, “Why are there 19 computers infected with Mebroot?” This was the sign of a bigger problem!
First things first. I called the team inside Juniper, activated our “we have malware inside our network” response, and together we quarantined those 19 computers, with people working on the risk and threat analysis. We got lucky that day. The Mebroot infections had happened the day before. The threat actors did not get a foothold, and the malware was communicating with a Sinkhole.
We found that up-to-date operating systems, malware protection, firewalls, layers of security, and compartmentalization were bypassed. The threat actors used a Firefox zero-day inside an advertisement on Microsoft’s new service (i.e., a malvertisement).
That incident was not hard to resolve. It started with a morning “healthy cybersecurity habit” of reviewing the Shadowserver Foundation’s free reporting. Today, organizations do not need to look at emails; they can use DevOps/SecOps to get the free data via APIs. Shadowserver’s network report prevented potential damage to Juniper Networks. The infection vector was identified, and extra network protections were implemented to protect the organization. All from a public benefit report!
Healthy Cybersecurity Habits are NOT HARD! Why are so many organizations aware they are at risk but do nothing to minimize that risk?
Are you looking for low-cost & effective cybersecurity & resiliency?
Do your homework before spending $$$ on vendor solutions that try to match many of the public benefit cybersecurity tools. Reach out to a community with decades of experience that seeks to help organizations minimize their cybersecurity risk through essentials that leverage public benefit services. Cyber Civil Defense tools like Shadowserver.org provide organizations with quality that cannot be matched by commercial alternatives.
- Subscribe to the Senki Community Mailing List. Stay connected to Surfing Cybersecurity’s practical advice and critical “do this now” operational security recommendations by email.
- Subscribe to the Shadowserver Foundation’s and Senki’s YouTube Channels. Catch videos designed to empower you with cost-effective techniques to help you safeguard your network.
- Ask questions to Barry Greene – bgreene@senki.org
The materials and guides posted here on www.senki.org are designed to help organizations leverage the talent around them to get started with their security activities. Start with the Operator’s Security Toolkit and Meaningful Security Conversations with your Vendors. Each offers no-nonsense security guidance for all Operators, with details to help them build more security-resilient networks. In the meantime, stay connected to the Senki Community to get updates on new empowerment and security insights.
