The Asia Pacific Computer Emergency Response Team (APCERT) today completed its annual drill to test the response capability of its teams against attacks targeting critical infrastructure.
In this year's scenario, critical infrastructure companies of an imaginary economy were targeted. Employees of these companies received scam emails and SMS messages containing hyperlinks to malware-hosting websites. The malware, once installed, became part of a botnet that used IRC and social network service channels to communicate with command and control servers. The botnet aimed to paralyze the targeted economy by commanding the bots to scan and infiltrate critical infrastructure facilities such as the electric system, the traffic monitoring system, etc. and cause them to malfunction.
The scenario was prompted by the serious incident that actually happened at the beginning of the year 2010. In this incident, the Stuxnet worm was used to attack massive industrial network monitoring systems of many countries around the world. Stuxnet was also the culprit that destroyed Iranian nuclear installations when it spread widely through that country's industrial systems.
Bkav from Vietnam took part in the drill as a member of the organizing committee, which was responsible for building the simulated system, and as a member of the exercise control group.
Teams from fifteen economies, including Australia, China, Japan, Korea, Indonesia and Vietnam, participated in the drill. Roy Ko, Chair of APCERT, said: "These attacks usually came from distributed locations that required the coordinated effort of CERT teams and security organizations from different economies to track and close down. It is vital for every CSIRT to build up their capability to detect and defend when the community at large is under attack and the daily business of the economy is hampered. The coordination network that has been built up within the Asia-Pacific region is a valuable resource to help each other in the event of such an incident. The drill exercise will help us verify our points of contact and procedures, and to respond to active Internet attacks in progress."