« Banking Trojan “Citadel” Returns | Main | PHP Files in CMS, Targeted for Alteration »

Mar 29, 2016

Experience in MNSEC 2015, Ulaanbaatar

Hello all, my name is Shinichi Horata working at Watch and Warning Group. It’s my first time posting here.

It’s already been quite a while ago, but last year I went to Mongolia for the first time in my life. The purpose was to attend MNSEC 2015 (Conference website: Mongolian only), a Mongolian local cyber security conference hosted by MNCERT/CC (Organisation website: Mongolian only) on 29-30 September 2015, where I delivered a talk.

Event Overview

MNSEC is the largest cyber security conference in Mongolia, which has been held annually since 2013. JPCERT/CC has been invited to this event since the first time (See the blog entry from 2014 here). The event attracted about 200 locals who are engaged in cyber security from the Mongolian Government, private entities, ISPs, banks, universities and so on. A wide range of discussions took place including the relations between big data and security, malware involved in online banking and sophisticated cyber attacks. The program was as follows:

29 Sep - Presentations:

  1. “Big data and its security” (Bat-Ulzii B, Director of IT Department of Ulaanbaatar)
  2. “Weak point, threats and violations of E-Bank” (Jung Hyong Chul, Beyond Security)
  3. “FreeBSD Content filter” (Ganbold Ts, Director of MSTRIDE LLC and Head of Mongolian Unix group)
  4. “Current Cyber Threats in Japan” (Shinichi Horata, JPCERT/CC)
  5. Kharuul Zangi 2015 (CTF competition)

30 Sep - Presentations:

  1. “Understanding Exploit Analysis” (Shinichi Horata, JPCERT/CC)
  2. “Information security in cyber environment” (Altangerel. B, Communications Regulatory Commission of Mongolia)
  3. “APT attack” (Otgonpurev M, Cyber security expert)
  4. “Cyber threat and decreasing it” (Andrew Chen, Channel manager of Checkpoint LLC)
  5. “Child security in cyber environment” (Altangerel B, Communications Regulatory Commission of Mongolia)
  6. “DDoS attack” (Enkhsaikhan P, Cyber security researcher)
  7. “About Mongolian cyber emergency response team” (Batjargal B, MNCERT/CC)

MNCERT/CC gave me an opportunity to deliver two presentations entitled “Current Cyber Threats in Japan” and “Understanding Exploit Analysis”.

In the first presentation, I provided an overview of JPCERT/CC activities, especially focusing on our efforts in incident response and early warning. Furthermore, I introduced the current situation of cyber incidents observed in Japan, mainly case studies of illegal money transfer involving banking Trojan, and cases of sophisticated cyber attacks.

The second presentation discussed some of the know-how required for providing early warning information, and software vulnerabilities in Use After Free (CWE-416), taking Adobe Flash Player’s vulnerability (CVE-2015-5119, etc.) as an example. In Mongolia, they are currently focusing on implementing efforts to enhance industrial development and human resource development in cyber security, so it was a good opportunity for us to exchange information and views regarding these topics.

Presenter_1_edit

(Photo of me at the event)

Remarks on the Event

I felt that the key throughout the event was also “human resource development”. On 29 September, there was a CTF competition entitled “Kharuul Zangi 2015”, and there were also some programs running in parallel that gave practical lectures. Aside from the CTF, some exercises were also given to the participants so that everyone could make the most of the event. I saw a lot of youngsters among a wide range of participants. I felt that the participants and the venue were filled with enthusiasm – probably because the conference is a new and young project, and organisers as well as attendees had great motivation.

MNCERT/CC, who has been hosting the conference, says that they consider the discussion on local cyber security among the persons in charge and researchers as a key component of the event. This made me wonder – what about Japan? Is there as much momentum in Japanese cyber security conferences, involving young students and those working at the front line? The event provided me a good opportunity to look back on my own experience too. Actions for cyber security discussions in Mongolia has just started – we look forward to seeing MNCERT/CC’s and Mongolian local CSIRTs’ even stronger involvement in enhancing the industry and its human resources.

Thank you for reading.

- Shinichi Horata

(Translated by Yukako Uchida)