CSA Hosts 13th Iteration of ASEAN CERT Incident Drill (ACID)

12 Sep 2018

SingCERT controllers issuing injects and liaising with CERT participants during ACID 2018

The Cyber Security Agency of Singapore (CSA) hosted the 13th iteration of the ASEAN CERT (Computer Emergency Response Team) Incident Drill (ACID) on 5th September 2018. ACID is an annual drill that Singapore has been hosting since 2006, to strengthen cybersecurity preparedness and cooperation among CERTs in ASEAN Member States (AMS) and key Dialogue Partners, as well as test their incident response procedures.


In ACID exercises, CERTs are put through a series of scenario injects that are designed based on prevalent cybersecurity threats such as ransomware, phishing, malware infection and brute force attacks. Participants are required to investigate, analyse and recommend remediation and mitigation measures in their reports.


This year’s theme, “System Vulnerabilities and Cryptocurrency Mining”, was chosen given the increasing prevalence of online payment systems which have created highly valued cryptocurrencies such as Bitcoin, Monero, Ethereum and Ripple. The potential for cryptocurrency prices to skyrocket has attracted the attention not only of investors but also of cyber criminals, who conduct illicit mining campaigns. Cryptocurrency mining actors have been actively targeting vulnerable systems, such as Content Management Systems (CMS) and web servers running outdated software, to add to their cryptocurrency mining resources.


In this edition, more than 100 participants from 10 AMS and 5 key Dialogue Partners (Australia, China, India, Japan and South Korea) took part in the drill. Scenario injects with varying levels of complexity were issued to the CERTs during the drill to exercise their capabilities in investigating and responding to these malicious activities.


ACID Organiser, Wan Pei Fen, CSA, said, “Cyber-attacks are borderless and we must work with our regional and international partners to combat them together. By putting our processes to the test and undergoing the injects together, we can learn from each other and better prepare ourselves to respond effectively to cyber-attacks.”