2. ThaiCERT Services
National CERT Mission - Maintain a national point of contact for computer security threats and reduce the number of security incidents perpetrated from or targeted at systems in that country.
(Source: List of Common CSIRT Services, Handbook for Computer Security Incident Response Teams (CSIRTs), SEI, CMU)
Teams:
- Malware Lab & Digital Forensics Center
- Threat Analysis Team
- Incident Response Team
- Capacity Building and Compliance Team
Proprietary and Confidential
3. ThaiCERT ThreatWatch System
Sources of raw incident reports: ISPs, Web Defacement Blogs, CERT/CSIRT Partners
1. Gather raw incident reports (Raw)
2. Normalize, lookup, categorize, etc.
3. Generate a normalized report (Normalized)
4. Distribute the sanitized report to the ISPs via web portal
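The four steps on this slide (gather raw reports from heterogeneous sources, normalize and categorize them, look up the responsible ISP, and hand each ISP a sanitized report) are illustrated below in an added Python example. This is not ThaiCERT's ThreatWatch code: the three input formats, the IP-prefix-to-ISP table (documentation ranges only), the category keyword rules and every function name are assumptions constructed for the example. The incident categories used are the three from the 2014 statistics slide (Malicious code, Fraud (Phishing), Intrusion).

```python
"""Minimal ThreatWatch-style pipeline: raw reports -> normalized -> sanitized per-ISP report.

Added example; all inputs, the ISP prefix table and field names are constructed.
"""
import ipaddress
import re
from collections import defaultdict
from datetime import datetime, timezone
from urllib.parse import urlsplit

# Constructed lookup table (real systems would use WHOIS/BGP data).
ISP_PREFIXES = {
    ipaddress.ip_network("192.0.2.0/24"): "ISP-A",
    ipaddress.ip_network("198.51.100.0/24"): "ISP-B",
    ipaddress.ip_network("203.0.113.0/24"): "ISP-C",
}

# Keyword -> category, using the slide deck's own incident types.
CATEGORY_RULES = [
    ("phish", "Fraud (Phishing)"),
    ("malware", "Malicious code"),
    ("c2", "Malicious code"),
    ("deface", "Intrusion"),
    ("intrusion", "Intrusion"),
]

# Constructed raw reports, one per source type named on the slide.
RAW_REPORTS = [
    {"source": "defacement_blog", "line": "2014-09-02 http://192.0.2.10/index.html defaced by handle123"},
    {"source": "csirt_partner", "line": "phishing,198.51.100.7,2014-09-02T08:15:00Z,analyst@partner.example"},
    {"source": "isp_abuse", "line": "malware c2 host 203.0.113.44 seen 2014-09-01 reported by joe@isp-c.example"},
    # Private address: cannot be routed to any ISP and must not crash the run.
    {"source": "csirt_partner", "line": "scan,10.0.0.5,2014-09-02T09:00:00Z,ops@partner.example"},
]


def parse_raw(report):
    """Step 1: turn one source-specific line into a common raw record, or None if unparseable."""
    src, line = report["source"], report["line"]
    if src == "defacement_blog":
        m = re.match(r"^(\S+) (\S+) defaced by (\S+)$", line)
        if not m:
            return None
        ts, url, handle = m.groups()
        return {"kind": "defacement", "ip": urlsplit(url).hostname, "ts": ts, "reporter": handle, "source": src}
    if src == "csirt_partner":
        parts = line.split(",")
        if len(parts) != 4:
            return None
        kind, ip, ts, reporter = parts
        return {"kind": kind, "ip": ip, "ts": ts, "reporter": reporter, "source": src}
    if src == "isp_abuse":
        m = re.match(r"^(.+?) host (\S+) seen (\S+) reported by (\S+)$", line)
        if not m:
            return None
        kind, ip, ts, reporter = m.groups()
        return {"kind": kind, "ip": ip, "ts": ts, "reporter": reporter, "source": src}
    return None


def normalize_timestamp(text):
    """Accept a bare date or an ISO-8601 UTC timestamp; emit ISO-8601 with explicit UTC offset."""
    for fmt in ("%Y-%m-%dT%H:%M:%SZ", "%Y-%m-%d"):
        try:
            return datetime.strptime(text, fmt).replace(tzinfo=timezone.utc).isoformat()
        except ValueError:
            continue
    raise ValueError(f"unrecognized timestamp: {text}")


def categorize(kind):
    """Map a free-text incident kind onto the deck's incident types; unknown kinds become 'Other'."""
    lowered = kind.lower()
    for keyword, category in CATEGORY_RULES:
        if keyword in lowered:
            return category
    return "Other"


def lookup_isp(ip_text):
    """Resolve an IP to its ISP; invalid or unknown addresses yield None."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return None
    for net, name in ISP_PREFIXES.items():
        if ip in net:
            return name
    return None


def normalize(raw):
    """Step 2: normalized record with a common schema, category and ISP lookup."""
    return {
        "timestamp": normalize_timestamp(raw["ts"]),
        "ip": raw["ip"],
        "category": categorize(raw["kind"]),
        "isp": lookup_isp(raw["ip"]),
        "source_type": raw["source"],
        "reporter": raw["reporter"],  # kept internally, never sent to ISPs
    }


def sanitize(record):
    """Step 4 prerequisite: only the fields an ISP needs to act; reporter identity is dropped."""
    return {k: record[k] for k in ("timestamp", "ip", "category", "source_type")}


def build_isp_reports(raw_reports):
    """Steps 1-4 end to end. Returns ({isp: [sanitized records]}, count of records with no ISP)."""
    per_isp, unrouted = defaultdict(list), 0
    for report in raw_reports:
        parsed = parse_raw(report)
        if parsed is None:
            continue
        rec = normalize(parsed)
        if rec["isp"] is None:
            unrouted += 1
            continue
        per_isp[rec["isp"]].append(sanitize(rec))
    return dict(per_isp), unrouted


if __name__ == "__main__":
    reports, skipped = build_isp_reports(RAW_REPORTS)
    for isp, records in sorted(reports.items()):
        print(isp, records)
    print("unrouted:", skipped)
```

The distribution step keeps the reporter identity (analyst e-mail, blog handle) out of what each ISP receives, which is what "sanitized" means on the slide; records whose IP cannot be mapped to an ISP are counted rather than silently dropped so the gap is visible to the analyst.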
4. Incident Statistics 2014
ThaiCERT handled 4,008 incidents.
Report by Incident Type:
- Malicious code 1,735 (43.3%)
- Fraud (Phishing) 1,010 (25.2%)
- Intrusion 711 (17.7%)
2,016 incidents (50.3%) were discovered by ThaiCERT ThreatWatch System.
Top requestors by country (chart): ThaiCERT 50.3%; United States and Germany (14.6% and 12%).
5. Web Defacement Statistics in ASEAN 2014
Chart: monthly defacement counts (0 to 3,500), Jan to Dec 2014, for Brunei, Cambodia, Indonesia, Laos, Malaysia, Myanmar, Philippines, Singapore, Thailand and Vietnam.
Note: Data collected from public defacement databases by ThaiCERT ThreatWatch System.
6. ThaiCERT Government Monitoring System (GMS)
Services and timeline:
- Alert & Coordination (since '12), with Public and Private Sectors / CERT/CSIRT Partners
- Ticketing and Analysis ('12-'15)
- Monitoring and Detection ('13-'15)
- Regulator / Law enforcement ('13-'14)
- Internet Malware & Vulnerability Scanner ('15)
- Cyber Threat Detection for Government Agencies ('15)
- Protection ('15): Web and DDoS Firewall for Government Agencies
Audience: Thailand Internet Community, Public / Private Sectors
Diagram (traffic flows): legitimate web traffic and known malicious & DDoS traffic arriving at the government Data Center; threat detection info passed to Monitoring and Analysis; threat and alert flows out to partners.
7. Capacity Building Activities – Local Certification
Information Security Expert Certification
Level     Test Score         Certificates           Work experience
Advanced  Greater than 80%   iSEC-M3 or iSEC-T3     At least 5 years
High      Greater than 70%   iSEC-M2 or iSEC-T2     At least 3 years
Basic     Greater than 60%   iSEC-M1 or iSEC-T1     At least 1 year
72 certificate holders
8. Capacity Building Activities - Training
Training tracks: Technical Security; Security Management; Mobile Forensics
About 200 security practitioners from both public and private sectors were trained by ThaiCERT.
9. ThaiCERT Incident Drill for Fin sector & ISPs
"To enhance the communication and participating teams' incident response capabilities and cooperation between teams"
Objectives:
• Practice incident handling coordination between the banks, ISPs and ThaiCERT
• Assess advanced technical skills such as malware analysis
10. Malware Analysis Competition 2014 (MAC2014)
"To raise interest in IT security among university students in Thailand and develop the in-demand skill of malware analysis"
• Organized by ThaiCERT and JPCERT/CC
• Participation of 13 teams from 9 universities in Bangkok
• 3 days of training + final day for the competition
• For the competition, teams need to analyze the behavior of malware and present the result skillfully in order to win the prize (a trip to join APCERT AGM 2015)
11. Press Conference / Release
• January 2014, D-Link Rom-0 vulnerability
• April 2014, Heartbleed
• May 2014, 0-day in IE 6 to IE 11
• August 2014, Android Trojan (SMS)
• September 2014, 0-days
• September 2014, ShellShock
• October 2014, Poodle
13. Case study: Phishing without e-mail (Phishing on Adsense)
URL: kasikornbankgroup.ru
First Found: 6/3/58
Hosted in Latvia
Timeline:
- Feb 25: Phishing domain registered
- Mar 6: Phishing site first found