Add to collection(s) Add to saved
  1. Engineering & Technology
  2. Computer Science
  3. Information Security

Africa's Cyber Threats, Where Are We? - EuroAfrica-ICT

advertisement 
EGYPT
National Telecom Regulatory Authority
Africa’s Cyber Threats,
Where Are We?
EG-CERT
12/9/2013
Table of Contents
Africa’s Cyber Threats
Top Incidents
EG-CERT in a Glance
2
National Telecom Regulatory Authority - EGYPT
Cyber Threats
 Cyber-crime has become a major threat to the
advances made in the fast evolving ICT industry.
 The number of malware, cyber frauds and cyber attacks is
growing in Africa in meaningful way.
 Malware infections in Africa are higher than the worldwide average
according to Microsoft’s Security Intelligence Report for the second
half of 2011
3
National Telecom Regulatory Authority - EGYPT
Cyber Threats
 Every fifth user in South Africa and Nigeria and every
fourth in Kenya faced a form of malware while surfing
the internet. (“Kaspersky”)
 This proves the reality of cyber-criminal activity in Africa.
 There’s need however according to analysts for preventative
mechanisms that are not only customized to specific sectors and
operations, but that are, continuously upgraded in a way that
consistently prevents the growing number of sophisticated attacks
on one’s systems.
4
National Telecom Regulatory Authority - EGYPT
Cyber Threats
5
National Telecom Regulatory Authority - EGYPT
Africa’s Top Cyber Services Targeted
 Internet Banking
 E-commerce
 Social Media Sites
6
National Telecom Regulatory Authority - EGYPT
Africa’s Top Cyber Attacks
 Malware Infections
 Phishing and Fraud
 DDOS
 Web Sites Defacement
 Cyber wars
7
National Telecom Regulatory Authority - EGYPT
The Reasons:
 The proliferation of communication devices, networks
and users.
 Social networking.
 The increase in on line banking services, investing,
retail and wholesale trading services.
 Attacks through cyber space by organized crime or
hacktivist groups.
8
National Telecom Regulatory Authority - EGYPT
Table of Contents
Africa’s Cyber Threats
Top Incidents
EG-CERT in a Glance
9
National Telecom Regulatory Authority - EGYPT
Top Incidents (Phish Phry)
 In Oct 2009, Egypt-US identity theft ring: “Authorities
indicted 100 Americans and Egyptians in the smashing
of an international identity theft ring billed as one of the
largest cybercrime cases ever.
 The operation targeted two banks and about 5,000 U.S.
citizens, with losses totaling more than $2 million” CNN – 8
October`09
 Operation Phish Phry: EG‐CERT has contributed to the investigation of one of the largest phishing case by providing forensics analysis; report 400+ pages; 1600 working hours by 12 specialists. A model for
cooperation within and across boarders……
National Telecom Regulatory Authority - EGYPT
10
Phish Phry
11
National Telecom Regulatory Authority - EGYPT
Operation Phish Phry
 Operation Phish Phry: EG‐CERT has contributed to the investigation of one of the largest phishing case by providing forensics analysis; report 400+ pages; 1600 working hours by 12 specialists.
 A model for cooperation within and across boarders……
12
National Telecom Regulatory Authority - EGYPT
Top Incidents
 In Nov 2009,
Egyptian and
Algeria hackers
launched cyber
attacks on
governmental and
media website in
light of the
tension and
violence that
coincided with the
FIFA World Cup
qualifying games.
13
National Telecom Regulatory Authority - EGYPT
Top Incidents
 In Dec 2011, Anonymous Group launched a DDOS
attack on some Egyptian Governmental websites
following violent clashes between demonstrators and
security forces…
 In August 2012, Gauss malware was reported and targeted
the banking sector in Lebanon and other countries in the
middle east.
14
National Telecom Regulatory Authority - EGYPT
Top Incidents
 Also in August 2012, A group named "Cutting Sword of
Justice" claimed responsibility for an attack on 30,000
Saudi Aramco workstations, causing the company to
spend a week restoring their services.
 The group later indicated that the Shamoon virus had been
used in the attack.
15
National Telecom Regulatory Authority - EGYPT
Table of Contents
Africa’s Cyber Threats
Top Incidents
EG-CERT in a Glance
16
National Telecom Regulatory Authority - EGYPT
EG-CERT
 A national Computer Emergency Response Team
(EG-CERT) has been established within the Egyptian
Telecommunication Regulatory Authority (NTRA) on
April 2009.
 Currently has 25 professionals.
 EG-CERT provides support to several entities in the ICT sector, the
financial sector as well as the governmental sector, in order to help
them tackle Cyber security threats and deal with incidents and
denial of service (DDOS) attacks.
17
National Telecom Regulatory Authority - EGYPT
EG-CERT
 EG-CERT provides both re-active as well as proactive
services, including:
o
o
o
o
Incident Handling
Digital Forensics
Malware Analysis
Vulnerability Assessment, and Penetration Testing.
 EG-CERT led and coordinated the efforts to confront
distributed denial of services (DDOS) attacks on critical
infrastructure by local and international “cyber hactivist”
groups, such as Anonymous.
18
National Telecom Regulatory Authority - EGYPT
EG-CERT
 Assisted in dealing with web defacement attacks on
several governmental and strategic websites in the
financial sector.
 Provides technical expertise in investigating cyber attacks,
such as Operation Phish Phry (2009).
 Is a full member of FIRST (2012), and has participated in its annual
conference since 2009.
 Is a member of the Organization of Islamic Countries-CERT (OICCERT), and has participated in OIC-CERT annual general meeting
since 2009.
National Telecom Regulatory Authority - EGYPT
19
EG-CERT
 Has strong relationships with many CERTs in the Arab
region (e.g. Omani CERT, Tunisian CERT, Q-CERT)
 Has cooperation agreements with:
o
o
o
o
Cyber Security Malaysia
US-CERT
South Korean Information Security Agency (KISA)
Indian CERT.
20
National Telecom Regulatory Authority - EGYPT
EG-CERT
 Successfully participated in:
o (Asia Pacific - APCERT) cyber drill (2012 & 2013)
o (Organization of Islamic Countries - OIC-CERT) cyber drill
(2012 & 2013)
o ITU/Impact Arab region cyber drill (2012).
 EG-CERT organized a special Cyber Security training
program for a delegation from Uganda, within the efforts to
strengthen cooperation with African countries.
21
National Telecom Regulatory Authority - EGYPT
THANK YOU
Ahmed Tharwat
a.tharwat@egcert.eg
22
Related documents
solving national security challenges with information technology by
solving national security challenges with information technology by
apdf nov 4 - 0910 sakada
apdf nov 4 - 0910 sakada
View session overview, activities and output
View session overview, activities and output
Jorge Valenzuela
Jorge Valenzuela
study guide ancient egypt
study guide ancient egypt
Need for New Approaches to Security PowerPoint
Need for New Approaches to Security PowerPoint
Day 4 Index - 507 Access 13, 15, 40, 56, 71, 76
Day 4 Index - 507 Access 13, 15, 40, 56, 71, 76
Disarmament For Egypt
Disarmament For Egypt
Download
advertisement