
PEOPLE PROCESS TECHNOLOGY

Bimtek (Technical Guidance) Activity
Technical Preparedness for Cyber Security Incidents
at Regional Government CSIRTs, 2023
Surabaya, 22 May - 25 May 2023

Technical Preparedness for Cyber Security Incidents, Surabaya Regional Government, 22 May - 25 May 2023
Table of Contents

1. Cyber Resilience
2. Cyber Incidents
3. Future Challenges
4. Global References
5. Solutions and Preventive Actions
6. Incident Handling Flow
7. Scenario

CYBER RESILIENCE
Cyber Resilience

NIST SP 800-160 Vol. 2 Rev. 1 (published December 2021), page 75, section C.1 "Defining Cyber Resiliency", provides the following definition of Cyber Resilience:

"The ability to anticipate, withstand, recover from, and adapt to adverse conditions, stresses, attacks, or compromises on systems that use or are enabled by cyber resources."

Source: https://csrc.nist.gov/publications/detail/sp/800-160/vol-2-rev-1/final

CAPABILITY

Cyber Resilience
GLOBAL CYBERSECURITY INDEX 2020
Published in Geneva, Switzerland, 2022

Source: https://www.itu.int/epublications/publication/D-STR-GCI.01-2021-HTM-E

Cyber Resilience

Major attack types you need to know, at least

Source: https://www.enisa.europa.eu/publications/enisa-threat-landscape-2021

Cyber Resilience

Top cybersecurity threats facing the world in 2022

1. Social Engineering: Any network is hackable if an employee can be duped into sharing access.
2. Third Party Exposure: Vendors, clients, and app integrations with poor security can provide access to an otherwise well-protected network.
3. Configuration Mistakes: Even the most cutting-edge security software only works if it's installed correctly.
4. Poor Cyber Hygiene: Employee training is essential to ensure those with network access maintain safe cyber practices.
5. Cloud Vulnerability: Online data storage and transfer provides increased opportunities for a potential hack.
6. Ransomware: Hackers can capture sensitive data or take down networks and demand payment for restored access.
7. Mobile Device Vulnerability: Devices that connect to multiple networks are exposed to more potential security threats.
8. Internet of Things: Smart technology users may not realize that any IoT device can be hacked to obtain network access.
9. Poor Data Management: When massive amounts of unnecessary data are kept, it's easier to lose and expose essential information.
10. Inadequate Post-Attack Procedures: Security patches must be as strong as the rest of your cybersecurity protections.

Source: https://www.embroker.com/blog/top-10-cybersecurity-threats-2022/

CYBER INCIDENTS
Cyber Incidents - International

Source: https://www.businessinsider.in/cryptocurrency/news/solana-hack-that-drained-8-million-is-linked-to-the-slope-mobile-wallet/articleshow/93363977.cms

Cyber Incidents - National

FUTURE CHALLENGES
Image source: https://ichef.bbci.co.uk/news/976/cpsprodpb/167DB/production/_104532129_tv050864711.jpg.webp
Future Challenges

Source: https://indonesiabaik.id/infografis/seberapa-digital-masyarakat-imd-indonesia
Source: https://www.bi.go.id/id/rupiah/digital-rupiah/Documents/White_Paper_CBDC-2022.pdf


GLOBAL REFERENCES
MITRE ATT&CK
MITRE ATT&CK threat models and methodologies

Attack lifecycle: 1 Reconnaissance, 2 Weaponize, 3 Deliver, 4 Exploit, 5 Control, 6 Execute, 7 Maintain

PRE-ATT&CK
• Priority Definition
  - Planning, Direction
• Target Selection
• Information Gathering
  - Technical, People, Organizational
• Weakness Identification
  - Technical, People, Organizational
• Adversary OpSec
• Establish & Maintain Infrastructure
• Persona Development
• Build Capabilities
• Test Capabilities
• Stage Capabilities

ATT&CK for Enterprise tactics
1 Initial Access
2 Execution
3 Persistence
4 Privilege Escalation
5 Defense Evasion
6 Credential Access
7 Discovery
8 Lateral Movement
9 Collection
10 Exfiltration
11 Command & Control
12 Impact

Reference: https://attack.mitre.org/
OWASP TOP 10

Latest web application risks, based on the OWASP Top 10 2021

Reference:
- https://owasp.org/
- https://owasp.org/www-project-top-ten/

Vulnerability Database & Standards

Web Application
• SQL injection leading to information leakage
• Remote code execution (RCE)

Middlewares
• Apache Struts / ColdFusion / WebLogic

Content Management System (CMS)
• WordPress, Drupal, Joomla!

Operating System
• Windows, Linux, Mac, iOS, Android etc.

Application Vulnerabilities
• Buffer overflow
• MS-Office, Adobe, Java etc.

Hardware Vulnerabilities
• BIOS, CPU etc.

Servers
• RCE
• Database, Web, Mail, DNS, remote login etc.

Vulnerabilities in Protocol Level
• NTP, DNS, TCP etc.

Vulnerability Database & Standards

Major Vulnerability Database and Standards

National Vulnerability Database (NVD)
The NVD is the U.S. government repository of standards based vulnerability management data.
https://nvd.nist.gov/

Common Vulnerability Exposure (CVE)
CVE is a list of entries, each containing an identification number, a description, and at least one public reference, for publicly known cybersecurity vulnerabilities.
https://cve.mitre.org/

Common Weakness Enumeration (CWE)
CWE is a community-developed list of common software and hardware security weaknesses.
https://cwe.mitre.org/

Common Vulnerability Scoring System (CVSS)
The Common Vulnerability Scoring System (CVSS) provides a way to capture the principal characteristics of a vulnerability and produce a numerical score reflecting its severity.
https://www.first.org/cvss/

SOLUTIONS AND PREVENTIVE ACTIONS
Solutions and Preventive Actions

Building a Computer Security Incident Response Team (CSIRT) is a must


Solutions and Preventive Actions

Why is Cyber Hygiene Important?
Every employee needs to understand basic cyber hygiene practices and their role in protecting and maintaining your IT systems and devices. This will enable better incident response and provide immediate and effective defenses against cyber attacks.

What are Common Cyber Hygiene Problems?

• Loss of Data: Hard drives, online cloud storage and SaaS apps that store sensitive data that isn't backed up or maintained can be vulnerable to hacking, corruption, data leaks, and data breaches.
• Misplaced data: Poor cyber hygiene could mean losing data in other ways; while it may not be corrupted or gone for good, it's increasingly common to misplace data due to the myriad of places it can be stored. This is why robust data classification is important.
• Security breaches: Data breaches are becoming increasingly common, and costly. Spear phishing, whaling attacks, lack of configuration management, and poor network security can all lead to exposure of trade secrets, PII, and PHI. This can result in customer identity theft, industrial espionage, and a loss of market position.
• Outdated software: Software applications must have security patches applied regularly to prevent known vulnerabilities. The success of the WannaCry ransomware computer worm is a great example of why patching operating systems is an important part of good cyber hygiene.
• Old security software: Antivirus software and other security software must be kept up to date to keep pace with the ever-changing threat landscape.
• Poor or lack of vendor risk management: A number of your third-party vendors and service providers have access to your Wi-Fi networks or process sensitive data on your behalf.

Reference: https://www.upguard.com/blog/cyber-hygiene

INCIDENT HANDLING FLOW
SCENARIO
Scenario

1. Attacker accesses the website through a browser.
2. Attacker performs scanning using tools such as NMAP, WPSCAN, NIKTO and OWASP ZAP.
3. Attacker attempts a bruteforce.
4. Attacker attempts to bruteforce the login.
5. The bruteforce succeeds; the attacker tries to log in using the account obtained from it.
6. Attacker creates a new post, signing it as Anonymous.
7. The new post is created successfully.
   Impact-1: Web Defacement "Hacked By Anonymous". At this stage the attacker realizes they do not have full access, so further action is needed.
8. Attacker attempts vulnerability scanning.
9. Scan results show the target is vulnerable to WP-File-Manager RCE.
10. Attacker tries the exploit recommended by Metasploit.
11. Metasploit attempts the exploit and uploads the payload.
12. Through Metasploit the attacker gets into a shell on the target as user www-data.
13. Attacker uploads supporting files as persistence and weapons.
    13.1 Uploads the "Slot 888 Judi Online" (online gambling) files.
    Impact-2: Web Defacement "Slot 888 Judi Online".
    13.2 Attacker sees that the users root and Latihan exist and have root privileges.
14. Attacker performs an SSH bruteforce against them using a dictionary.
15. Attacker successfully obtains SSH access.
16. Attacker successfully logs in over SSH using an account that has sudo access and privileges.
    Impact-3: Server Take Over.
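The scenario above is told from the attacker's side; a CSIRT needs the matching detections on the defender's side. The Python below is an added example, not part of the original training material, that runs three simple rules over constructed web-server and sshd log lines modelled on steps 3-5 (burst of POSTs to wp-login.php), 9-12 (a POST into the WP-File-Manager plugin directory) and 14-16 (repeated SSH failures followed by a successful login). Every log line, IP address, hostname, timestamp and threshold is a constructed assumption; the plugin request path follows WordPress's /wp-content/plugins/ layout, and the rule matches on the directory name only.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample logs, not real captures. ACCESS_LOG mirrors scenario steps 3-7 and 9-12
# (wp-login.php bruteforce, a 302 once a password works, a new post, then a POST into the
# file-manager plugin). AUTH_LOG mirrors steps 14-16 (sshd failures, then an Accepted login).
ACCESS_LOG = """\
203.0.113.7 - - [22/May/2023:10:01:05 +0700] "GET /wp-login.php HTTP/1.1" 200 2311
203.0.113.7 - - [22/May/2023:10:01:06 +0700] "POST /wp-login.php HTTP/1.1" 200 2311
203.0.113.7 - - [22/May/2023:10:01:07 +0700] "POST /wp-login.php HTTP/1.1" 200 2311
203.0.113.7 - - [22/May/2023:10:01:07 +0700] "POST /wp-login.php HTTP/1.1" 200 2311
203.0.113.7 - - [22/May/2023:10:01:08 +0700] "POST /wp-login.php HTTP/1.1" 200 2311
203.0.113.7 - - [22/May/2023:10:01:09 +0700] "POST /wp-login.php HTTP/1.1" 200 2311
203.0.113.7 - - [22/May/2023:10:01:10 +0700] "POST /wp-login.php HTTP/1.1" 302 0
203.0.113.7 - - [22/May/2023:10:02:30 +0700] "POST /wp-admin/post.php HTTP/1.1" 302 0
198.51.100.2 - - [22/May/2023:10:03:00 +0700] "POST /wp-login.php HTTP/1.1" 302 0
203.0.113.7 - - [22/May/2023:10:05:40 +0700] "POST /wp-content/plugins/wp-file-manager/lib/php/connector.minimal.php HTTP/1.1" 200 77
"""
AUTH_LOG = """\
May 22 10:10:01 web01 sshd[2231]: Failed password for root from 203.0.113.7 port 51122 ssh2
May 22 10:10:02 web01 sshd[2233]: Failed password for root from 203.0.113.7 port 51124 ssh2
May 22 10:10:03 web01 sshd[2235]: Failed password for root from 203.0.113.7 port 51126 ssh2
May 22 10:10:04 web01 sshd[2237]: Failed password for Latihan from 203.0.113.7 port 51128 ssh2
May 22 10:10:05 web01 sshd[2239]: Failed password for Latihan from 203.0.113.7 port 51130 ssh2
May 22 10:10:06 web01 sshd[2241]: Accepted password for Latihan from 203.0.113.7 port 51132 ssh2
May 22 10:12:00 web01 sshd[2260]: Failed password for invalid user admin from 198.51.100.2 port 40000 ssh2
May 22 10:15:00 web01 sshd[2270]: Accepted password for ops from 192.0.2.10 port 40100 ssh2
"""

ACCESS_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                       r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+$')
AUTH_RE = re.compile(r'sshd\[\d+\]: (?P<result>Failed|Accepted) password for '
                     r'(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+)')


def parse_access(text):
    """Parse combined-format access log lines into dicts; unparseable lines are skipped."""
    events = []
    for line in text.splitlines():
        m = ACCESS_RE.match(line)
        if m:
            e = m.groupdict()
            e["ts"] = datetime.strptime(e["ts"], "%d/%b/%Y:%H:%M:%S %z")
            e["status"] = int(e["status"])
            events.append(e)
    return events


def detect_login_bruteforce(events, threshold=5, window_s=60):
    """Flag a source IP that POSTs to wp-login.php `threshold`+ times within `window_s`
    seconds. A 302 inside the burst marks a probable successful login (heuristic:
    WordPress redirects on success and re-renders the form with 200 on failure)."""
    by_ip = defaultdict(list)
    for e in events:
        if e["method"] == "POST" and e["path"].split("?")[0].endswith("/wp-login.php"):
            by_ip[e["ip"]].append(e)
    findings = []
    for ip, evs in by_ip.items():
        evs.sort(key=lambda e: e["ts"])
        for i in range(len(evs)):
            j = i
            while j + 1 < len(evs) and (evs[j + 1]["ts"] - evs[i]["ts"]).total_seconds() <= window_s:
                j += 1
            burst = evs[i:j + 1]
            if len(burst) >= threshold:
                findings.append({"ip": ip, "attempts": len(burst),
                                 "probable_success": any(e["status"] == 302 for e in burst)})
                break  # one finding per source is enough for triage
    return findings


def detect_plugin_post(events, plugin="wp-file-manager"):
    """Any POST into the named plugin directory (an upload indicator; high severity on a site that does not use it)."""
    return [e for e in events if e["method"] == "POST" and f"/plugins/{plugin}/" in e["path"]]


def detect_ssh_bruteforce(text, threshold=5):
    """Flag an Accepted sshd login that follows `threshold`+ failures from the same source."""
    fails = defaultdict(int)
    findings = []
    for line in text.splitlines():
        m = AUTH_RE.search(line)
        if not m:
            continue
        if m["result"] == "Failed":
            fails[m["ip"]] += 1
        elif fails[m["ip"]] >= threshold:
            findings.append({"ip": m["ip"], "user": m["user"], "failed_before_success": fails[m["ip"]]})
    return findings


def analyse(access_text=ACCESS_LOG, auth_text=AUTH_LOG):
    """Run all three rules and return the findings keyed by rule name."""
    events = parse_access(access_text)
    return {"login_bruteforce": detect_login_bruteforce(events),
            "plugin_post": detect_plugin_post(events),
            "ssh_bruteforce": detect_ssh_bruteforce(auth_text)}


if __name__ == "__main__":
    print(analyse())
```

The single legitimate login from 198.51.100.2 is deliberately present so the bruteforce rule can be seen not to fire on it, and the `ops` login from a source with no prior failures shows that the SSH rule keys on failures-then-success from one address rather than on any `Accepted` line. In production the same rules would be fed from the web server's access log and the host's auth log, with thresholds tuned to the site's normal login rate.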

"Dreams without goals are just dreams, and
ultimately they fuel disappointment.
On the road to achieving your dreams you
must apply discipline, but more importantly
consistency,
because without commitment you never start,
without consistency you never finish."

- Denzel Washington -

Thank You
