


   ISSUE 84

26 July 2018

Article of the Month Around the World


National Information and cyber security strategy

Previously discussed topics:

1. Cyber Security Landscape in Sri Lanka

2. Overview of the National Information and Cyber Security Strategy

3. Thrust #2: Legislation, Policies, and Standards

4. Thrust #3: Development of a Competent Workforce

5. Thrust #4: Resilient Digital Government Systems and Infrastructure

The fifth pillar of the strategy:

Thrust #5: Raising Awareness and Empowerment of Citizens

Our Strategy

The Internet has become important for all aspects of daily life, including education, work, and participation in society. A considerable segment of society is becoming more and more dependent on the Internet, thereby becoming more vulnerable to cybercrime. A major reason for this vulnerability to cybercrime is a lack of awareness among citizens about possible cyber threats and their consequences. Identity theft, theft of credit card numbers, privacy violations, and unauthorized access on social media, for example, are commonly caused by citizens' lack of awareness. It is, therefore, essential to raise citizens' awareness about emerging cyber threats and empower them with the knowledge and skills necessary to defend themselves against evolving cyber threats.

Some facts on the disclosure of identity and privacy by Sri Lankan youth through social media


Frequency of changing the password of social media by Sri Lankan youth





Our Initiatives

5.1. National Information and Cyber Security Readiness Survey

In collaboration with the Department of Census and Statistics, we will conduct a National Baseline Survey to assess Sri Lankan citizens' awareness, attitudes and behaviors on information and cyber security related activities.

5.2. Public's Awareness of Social Media and Cyber Security

5.2.1. We will extend the services of CERT website to provide a comprehensive collection of materials and activities relating to cybersecurity, and incorporate a comprehensive complaints reporting system to assist victims.

5.2.2. We will increase information and cyber security awareness among the public through hosting awareness campaigns, organizing public conferences, street dramas, and so forth.

5.2.3. We will pay special attention to most vulnerable communities in the society including youth, women and elderly people.

5.2.4. We will use printed and electronic media to reach a broader population. Content shall be in trilingual format. We will also use social media as a tool for increasing the information security awareness of citizens.

5.2.5. We will also enhance the content of well-known government web sites (e.g. www.gov.lk, www.news.gov.lk, www.defence.gov.lk) with information and cyber security related materials (e.g. presentations and webinars). The Government Call Center (1919) will also be enhanced to provide basic information on cyber security related matters.

5.3. Introduction of Information and Cyber Security into Curriculums

5.3.1. We will facilitate the Ministry of Education and the National Institute of Education to include information and cyber security as an essential part of the informatics curriculum at schools.

5.3.2. We will facilitate the Ministry of Education to increase school children's awareness of cyber security. We will also continue to publish the Cyber Guardian (newsletter on cybersecurity) and circulate it among school and university students to increase their awareness of the latest cyber threats.

5.4. Lifelong Learning Opportunities

With the involvement of the Open University of Sri Lanka and Vocational Training Institutes, we will design basic information and cyber security learning modules for adults. We aim to deliver these courses through the Open University's distance learning centers, Nenasala Centres, vocational training institutes and accredited training institutes scattered around the country.

5.5. Security Ratings for ICT Equipment and Create Awareness Among Citizens

We will facilitate the Sri Lanka Standards Institute to develop Security Ratings for ICT products, which will enable citizens to have a clear idea of the level of security that a product offers. We will also work with ICT product suppliers' associations to supply products into the market with security settings enabled by default. Through effective communication channels we will make citizens aware of security ratings and security features of ICT products.


To be continued....


Dr. Kanishka Karunasena,

Research and Policy Development Specialist, Sri Lanka CERT|CC

























1. Statistics on the Internet growth in Sri Lanka
2. The Dragon Research Group (DRG)
3. TSUBAME (Internet threat monitoring system) from JPCERT | CC
4. Shadowserver Foundation
5. Team Cymru

Phishing anniversary: Here's a free $50/month subscription


"...The message suggests that Adidas is offering 2,500 pairs of shoes to celebrate its 69th anniversary, followed by a link from which to obtain the promised item. If you take a closer look at the link in the image, you can see that there's no dot above the short vertical line that should be the letter “i”. This is a homoglyph (often referred to as homograph) attack, incorporating a link that looks legitimate but is actually spoofed by replacing one character with another that looks the same to the unwary eye. This kind of attack is not new, with several articles covering the subject such as welivesecurity, thecomputerperson and Doron Segal on Medium. The structure of the message is not new either. A few similar campaigns were observed in 2016......"


Facebook's Fight Against Bad Content Is a Mess


"...Facebook is trying to have it both ways.

As a private company, it can ban whatever bad content it wants from its site, so it outlaws nudity and hate speech. But it also says that it doesn't want to be the arbiter of truth, so it doesn't remove patently false information that plagues its platform.

Its convoluted--often seemingly arbitrary--policies leave Facebook performing mental gymnastics to decide what should be banned, and what should remain. On a day-to-day level, the confusing rules--in addition to the sheer amount of content uploaded to the platform--mean that a lot of illegal or harmful content lingers, for countless more eyes to see......"

  Cyberbullying awareness and prevention


'...By allowing us to share our stories and communicate with friends, family, and strangers all across the world, the internet has changed forever. It would be impossible for many of us to regress to a pre-wired-in age. Yet, the shift towards a social media-centered existence hasn't been without its downsides, and the increasing prevalence of cyberbullying is one of the most alarming.

Cyberbullying is bullying -- period -- and we must work together to minimize its negative impact on our society.

Defined by Dictionary.com as, “the act of harassing someone online by sending or posting mean messages, usually anonymously”, cyberbullying comes in many forms. It affects adolescents the hardest, but also all age groups....'

IoT Robot Vacuum Vulnerabilities Let Hackers Spy on Victims



'...Researchers have uncovered vulnerabilities in a connected vacuum cleaner lineup that could allow attackers to eavesdrop, perform video surveillance and steal private data from victims.

Two vulnerabilities were discovered in Dongguan Diqee 360 vacuum cleaners, which tout Wi-Fi capabilities, a webcam with night vision, and smartphone-controlled navigation controls. These would allow control over the device as well as the ability to intercept data on a home Wi-Fi network.

“Like any other IoT device, these robot vacuum cleaners could be marshaled into a botnet for DDoS attacks, but that's not even the worst-case scenario, at least for owners,” Leigh-Anne Galloway, cybersecurity resilience lead at Positive Technologies, said on Thursday....'

D-Link, Dasan Routers Under Attack In Yet Another Assault


'....Dasan and D-Link routers running GPON firmware are being targeted by hackers in an attempt to create a botnet.

Unpatched D-Link and Dasan GPON router vulnerabilities are being targeted by hackers attempting to build a botnet army, according to research published Friday by eSentire Threat Intelligence.

Researchers observed on Thursday a massive uptick in exploit attempts from over 3,000 different source IPs targeting model D-Link 2750B and Dasan GPON routers running a version of the GPON firmware....'

Month in Brief
Facebook Incidents Reported to Sri Lanka CERT|CC in June 2018
  Statistics - Sri Lanka CERT|CC

Google is bringing its human-like conversational AI to the contact centre

'...WaveNet is “a deep generative model of raw audio waveforms” developed by Google's UK subsidiary DeepMind and announced in 2016. It promises the ability to “generate speech which mimics any human voice and which sounds more natural than the best existing Text-to-Speech systems, reducing the gap with human performance by over 50 percent.”

In a blog post, Fei-Fei Li, chief scientist at Google AI wrote: “When we studied the challenges faced by real contact centres every day, we found that customers often have simple transactional or informational requests....'

Mining Cryptocurrency: Everything You Need To Know

"...The easiest way to understand cryptocurrency mining is that it isn't mining in the traditional sense of the word.

Mining is a way of validating transactions on the blockchain.

Instead of someone at a bank or a clearing house making sure transactions are legitimate, people who run mining software (miners) do this job instead.

While someone at a bank might get paid a salary, miners are rewarded for their work in the form of cryptocurrency...."

How to handle Windows 10 updates

"...Confused about how updates work in Windows 10? Join the club. In this latest version of its operating system, Microsoft has transformed what was once a straightforward procedure into a seemingly complicated process that varies according to whether you have Windows 10 Home, Windows 10 Pro or an enterprise or education edition. As a result, there have been lots of misperceptions about how Windows 10 Update works, and how to best use it......"

Facebook plans to enter China by setting up local subsidiary: Report

"...Facebook has set up a subsidiary in Hangzhou, China, with registered capital of $30 million, Chinese technology website 36kr.com reported on Tuesday, citing an official business registration filing.

According to the report, the new company, fully owned by Facebook Hong Kong Limited, completed the business registration this month at the local government of Hangzhou, where Chinese ecommerce giant Alibaba is headquartered. ...."

Notice Board

Training and Awareness Programmes - July  2018

