About mmCERT
(Our Issue, Challenges & Initiatives)
ITU Cybersecurity Forum and Cyber Drill
Vientiane, Lao PDR
9-11 December 2013
Ye Yint Min Thu Htut
mmCERT/cc
Copyright @2013, mmCERT/cc
Table of Contents
 mmCERT Initiatives
 Cyber Security Issues
 Challenges
 Conclusion
Copyright @2013, mmCERT/cc
mmCERT Initiatives
 Myanmar Computer Emergency Response Team (mmCERT)
was formed by e-National Task Force according to the
Initiative of ASEAN Integration (IAI) agreement in July 2004.
 mmCERT is a non profit organization and wholly government
funded since 2004.
 mmCERT is a transitioning member of APCERT since
December, 2011.
 mmCERT/cc was launched by Ministry of Communication and
Information Technology in December 2010.
Copyright @2013, mmCERT/cc
Organization Structure
Ministry of Communication and
Information Technology (MCIT)
Myanmar Post and
Telecommunications (MPT)
Information and Technology
Department (IT Dept.)
mmCERT/cc
Management = 3
Staff
=9
Copyright @2013, mmCERT/cc
Related Organizations
Global
• Internal CERT/CSIRT
Local
• Internet Service Providers
• Data Centers
• Government Agencies
• Cyber Crime Unit
• MCF, MCPA
• Businesses
• Internet Users
Functions of mmCERT/cc
Incident Handling
Operation
Web Monitoring (MM)
Security Auditing (Check List) & Advisory
Research
Tsubame
ITMA 3
www.mmcert.org.mm
Awareness
Weekly Electronic Newsletter, Pamphlet
Seminar, Training
International
Cooperation
Support
Cyber Security Exercise (Drill)
Training/ Workshop/ Conference
HRD, Finance & Administration
ISMS & Mission Support
Copyright @2013, mmCERT/cc
Cyber Security Issues
2012 - 2013
 DDoS Attack in Data Center
 Targeted DDoS/ DoS Attack
 Targeted E.Mail Attack
 Web Defacement
 SPAM E.Mail
 Phishing
 Scanning
 Violation of Privacy in SNS
Copyright @2013, mmCERT/cc
Incident Statistics in 2013
Type of Incidents
Scanning
Sniffing
4%
4%
DoS
2%
0%
29%
DDoS
38%
Malware
6%
Exploiting known
Vulnerabilities
Login Account
17%
Unauthorized use
Copyright @2013, mmCERT/cc
Example Incident
Exploiting Weakness of Framework
Used Outdated framework
(Joomla 1.5.x)
Copyright @2013, mmCERT/cc
Example Incident
Exploiting Weakness of Framework
Can easily found
several exploit on net
Exploited &
Defaced
Copyright @2013, mmCERT/cc
Challenges
Human Resource
Development
Professional Skillful
Workers
Penetration
Tester
Incident Handler
Malware Analyst
Forensic Expert
Copyright @2013, mmCERT/cc
Challenges
Standard Penetration
Testing Methodology
Standard System Security
Guide
Best
Achievement
Standard Security
Assessment / Advisory
Report
Copyright @2013, mmCERT/cc
Conclusion
o Nowadays cyber security initiatives become national strategic level
with government’s direction.
o Myanmar’s economic development is gradually growing up late 2010.
o More and more incidents are waiting for us.
o We need security assessment in the various sectors.
 We expect to promote collaboration with
international organizations especially ITU, IMPACT,
JPCERT and ASEAN member states.
 We expect training / materials / guidance from them.
Copyright @2013, mmCERT/cc
Thank you for your attention.
Q&A
www.mmcert.org.mm
yeyintminthuhtut@mmcert.org.mm
+95 9 452338122
Copyright @2013, mmCERT/cc