18th Iteration of ASEAN CERT Incident Response Drill Tests CERT’s Preparedness Against Multi-Pronged Attacks Arising from Hacktivism

The Cyber Security Agency of Singapore (CSA) organised the 18th iteration of the ASEAN Computer Emergency Response Team (CERT) Incident Drill (ACID) held on 18 and 19 October 2023. This was held in conjunction with the Singapore International Cyber Week (SICW) 2023, Asia-Pacific’s most established cybersecurity event.

An annual drill hosted by Singapore since 2006, ACID tests incident response procedures and strengthens cybersecurity preparedness and cooperation among CERTs in ASEAN Member States (AMS) and ASEAN Dialogue Partners.  

The theme of this year’s ACID is “Responding to Multi-Pronged Attacks Arising from Hacktivism”. This theme was chosen against the global backdrop of increasing cyber-attacks motivated by hacktivism, where hacktivist groups typically perform cyber-attacks on organisations to further their ideological beliefs. In the past year, these attacks have increased in frequency and sophistication. Such attacks typically include multi-pronged attacks using a combination of Distributed Denial-of-Service, data breaches and wiperwares against government websites, financial institutions, media outlets, etc. Through email injects, this year’s drill simulates similar tactics employed by hacktivists, such as the deployment of wiperware to disrupt the operations of target organisations. 

This year’s ACID was also expanded to include a Tabletop Exercise (TTX) component developed and moderated by SingCERT. In the TTX, realistic scenario injects were provided for participants to discuss how they would respond to them, giving participating CERTs the opportunity to share information on their incident response processes, as well as identify areas for further improvement and enhance their operations planning capabilities.

The 18 CERTs that participated in this year’s ACID provided positive feedback that the cyber drill and TTX were well organised and enhanced participants' incident response capabilities. Participants noted that the cyber drill and TTX broadened their horizons by exposing their teams to new drill scenarios and incident response techniques, which allowed them to practise responding to a variety of realistic scenarios.