About mmCERT (Our Issue, Challenges & Initiatives)

ITU Cybersecurity Forum and Cyber Drill

Vientiane, Lao PDR 9-11 December 2013

Copyright @2013, mmCERT/cc

Ye Yint Min Thu Htut mmCERT/cc

Table of Contents

mmCERT Initiatives

Cyber Security Issues

Challenges

Conclusion

Copyright @2013, mmCERT/cc

mmCERT Initiatives

Myanmar Computer Emergency Response Team (mmCERT)

was formed by e-National Task Force according to the

Initiative of ASEAN Integration (IAI) agreement in July 2004.

mmCERT is a non profit organization and wholly government

funded since 2004.

mmCERT is a transitioning member of APCERT since

December, 2011.

mmCERT/cc was launched by Ministry of Communication and

Information Technology in December 2010.

Copyright @2013, mmCERT/cc

Ministry of Communication and Information Technology (MCIT)

Myanmar Post and Telecommunications (MPT)

Information and Technology Department (IT Dept.)

mmCERT/cc

Management = 3

Staff = 9

Organization Structure

Related Organizations Global • Internal CERT/CSIRT Local • Internet Service Providers • Data Centers • Government Agencies • Cyber Crime Unit • MCF, MCPA • Businesses • Internet Users

Copyright @2013, mmCERT/cc

Functions of mmCERT/cc

Operation

Incident Handling

Web Monitoring (MM)

Research Tsubame

ITMA 3

Awareness

www.mmcert.org.mm

Weekly Electronic Newsletter, Pamphlet

International Cooperation

Cyber Security Exercise (Drill) Training/ Workshop/ Conference

Seminar, Training

Security Auditing (Check List) & Advisory

Support

HRD, Finance & Administration ISMS & Mission Support

Copyright @2013, mmCERT/cc

Cyber Security Issues

DDoS Attack in Data Center

Targeted DDoS/ DoS Attack

Targeted E.Mail Attack

Web Defacement

SPAM E.Mail

Phishing

Scanning

Violation of Privacy in SNS

2012 - 2013

Copyright @2013, mmCERT/cc

4%

0% 29%

6%

17%

38%

2%

4%

Type of Incidents

Scanning

Sniffing

DoS

DDoS

Malware

Exploiting knownVulnerabilitiesLogin Account

Unauthorized use

Incident Statistics in 2013

Copyright @2013, mmCERT/cc

Example Incident

Exploiting Weakness of Framework

Used Outdated framework (Joomla 1.5.x)

Copyright @2013, mmCERT/cc

Example Incident

Copyright @2013, mmCERT/cc

Exploiting Weakness of Framework

Can easily found several exploit on net

Exploited & Defaced

Challenges

Copyright @2013, mmCERT/cc

Human Resource Development

Professional Skillful Workers

Penetration Tester

Malware Analyst

Incident Handler

Forensic Expert

Challenges

Copyright @2013, mmCERT/cc

Best Achievement

Standard Penetration Testing Methodology

Standard System Security Guide

Standard Security Assessment / Advisory

Report

o Nowadays cyber security initiatives become national strategic level

with government’s direction.

o Myanmar’s economic development is gradually growing up late 2010.

o More and more incidents are waiting for us.

o We need security assessment in the various sectors.

We expect to promote collaboration with

international organizations especially ITU, IMPACT,

JPCERT and ASEAN member states.

We expect training / materials / guidance from them.

Conclusion

Copyright @2013, mmCERT/cc

www.mmcert.org.mm yeyintminthuhtut@mmcert.org.mm

+95 9 452338122

Thank you for your attention. Q & A

Copyright @2013, mmCERT/cc