Published on 10 Sep 2019
The Cyber Security Agency of Singapore (CSA) hosted the 14th iteration of the ASEAN Computer Emergency Response Team (CERT) Incident Drill (ACID) on 4th September 2019. An annual drill organised to test incident response procedures and strengthen cybersecurity preparedness and cooperation among CERTs in ASEAN Member States (AMS) and key Dialogue Partners, Singapore has been hosting ACID since 2006.
In ACID exercises, CERTs are put through a series of scenario injects designed based on prevailing cybersecurity threats such as ransomware, phishing, malware infection and brute force attacks. Participants are required to investigate, analyse and recommend remediation and mitigation measures in their reports.
This year’s theme, “Combat Evolving Cyber Threats with Good Cyber Hygiene”, was chosen due to the increasing prevalence of cyber incidents involving breach of sensitive information such as users’ credentials. Leaked credentials are a staple data source for threat actors to carry out malicious activities such as credential stuffing attacks. Successful attacks enable the threat actor to impersonate the user and monetise the unauthorised access by selling the stolen sensitive information or incorporating the stolen information for subsequent social engineering attacks, in the form of spear phishing and business email compromise fraud.
More than 100 participants from 10 AMS and 5 key Dialogue Partners from Australia, China, India, Japan and South Korea participated in this year’s drill. Scenario injects with varying levels of complexity were issued to the CERTs during the drill to exercise their capabilities in investigating and responding to these malicious activities.
The drill this year was well-received and participating CERTs provided positive feedback. The CERTs reflected that the experience has been beneficial in enhancing their technical capabilities in incident response and the analysis of cyber incidents. Another takeaway was the enhanced teamwork and communication processes within the CERT teams following the drill.