Pakistan Chapter Status Report for 2014

ORGANIZATION

  • Faiz Ahmad Shuja is the founder and chapter lead of the Pakistan Chapter and an active member since 2003. He was also responsible for the management and maintenance of HP infrastructure as Chief Infrastructure Officer until March 2014.
  • Muhammad Omar Khan is an active member and assists in various Honeynet deployment efforts.
  • Rehan Ahmed is an active member. He assists in the management of the Pakistan chapter and HP infrastructure.
  • Omar Khan has been involved in attack analysis and reporting.
  • Muhammad Ahmed Siddiqui is an active member involved in attack research and analysis.
  • Tahir Soomro is an active member.

DEPLOYMENTS
We have the following technologies deployed:

  • Three Honeebox sensors
  • Four Low-interaction honeypots using Dionaea, Conpot, and Kippo
  • Cuckoo Sandbox

RESEARCH AND DEVELOPMENT

  • During the past year, we moved our centralized data collection and analysis to Splunk. It has been very effective in managing the large amount of data generated by our sensors. Most of 2014 was spent designing the new architecture for data collection and analysis using Splunk. We built multiple dashboards, custom scripts to fetch malware analysis results, and various reports.
  • We will continue improving our data analysis and reporting platform (Splunk), as it enables us to provide organizations across Pakistan with intelligence for defending their networks against attacks.
  • We are also expanding our Cuckoo Sandbox deployment so that it can analyze a higher number of malicious executables and websites at a time.

FINDINGS

  • The largest share of attacks was destined for port 22 – ssh (85%), followed by 1433 – ms-sql-s (4%) and 445 – microsoft-ds (3.4%).
  • SSH brute-force attacks dominate, with a total share of 89% of attacks targeting Unix-based systems in Pakistan's cyberspace.
  • Conficker remains the most prevalent malware attacking Microsoft Windows-based systems in Pakistan, through the NETAPI stack overflow attack, with a total share of 77%.
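As an added illustration, not the chapter's own code or one of its Splunk searches: a small Python script that parses constructed honeypot connection events in a hypothetical normalised format (the kind of record a collector would forward to Splunk) and computes each destination port's share of attacks, the tally behind the port figures above. The event format, sensor names and addresses are all assumptions.

```python
"""Per-port share of honeypot connections, the kind of tally behind the Findings above."""
import re
from collections import Counter

# Hypothetical normalised event format (not Dionaea's or Kippo's native log layout):
#   <timestamp> <sensor> <proto> <dst_ip>:<dst_port> <- <src_ip>:<src_port>
EVENT_RE = re.compile(
    r"^(?P<ts>\S+) (?P<sensor>\S+) (?P<proto>tcp|udp) "
    r"(?P<dst_ip>[\d.]+):(?P<dst_port>\d+) <- (?P<src_ip>[\d.]+):(?P<src_port>\d+)$"
)

SERVICE_NAMES = {22: "ssh", 1433: "ms-sql-s", 445: "microsoft-ds"}

# Constructed sample events (documentation-range addresses); not real sensor data.
SAMPLE_EVENTS = """\
2014-05-01T08:00:01 kippo-1 tcp 10.0.0.5:22 <- 198.51.100.7:51234
2014-05-01T08:00:09 kippo-1 tcp 10.0.0.5:22 <- 198.51.100.7:51240
2014-05-01T08:01:13 kippo-2 tcp 10.0.0.6:22 <- 203.0.113.9:40011
2014-05-01T08:02:47 dionaea-1 tcp 10.0.0.7:1433 <- 203.0.113.22:3344
2014-05-01T08:03:02 kippo-1 tcp 10.0.0.5:22 <- 198.51.100.7:51251
this line is malformed and must be skipped
2014-05-01T08:04:30 dionaea-1 tcp 10.0.0.7:445 <- 192.0.2.45:1029
2014-05-01T08:05:15 dionaea-2 tcp 10.0.0.8:1433 <- 203.0.113.22:3350
2014-05-01T08:06:58 kippo-2 tcp 10.0.0.6:22 <- 192.0.2.77:60001
"""


def parse_events(text):
    """Yield one dict per well-formed line; malformed lines are skipped."""
    for line in text.splitlines():
        m = EVENT_RE.match(line)
        if m:
            yield m.groupdict()


def port_share(events):
    """Return [(port, service, count, percent)] sorted by count, highest first."""
    counts = Counter(int(e["dst_port"]) for e in events)
    total = sum(counts.values())
    return [
        (port, SERVICE_NAMES.get(port, "unknown"), n, round(100.0 * n / total, 1))
        for port, n in counts.most_common()
    ]


if __name__ == "__main__":
    for port, service, n, pct in port_share(parse_events(SAMPLE_EVENTS)):
        print(f"{port:>5} {service:<13} {n:>4} {pct:>5}%")
```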

PAPERS AND PRESENTATIONS

  • Presented on Pakistan's Threat Intelligence at InfoSec 2014
  • Presented on APTs at the Fraud Prevention Conference

GOALS

  • We plan to expand our sensor deployment to more organizations across Pakistan
  • We plan to enhance our data analysis platform, Splunk
  • We plan to encourage chapter members to publish articles and papers on our research
  • Add more active and young members