
found in compromised sites, which attackers use to control the compromised server.

2.2. Security Monitoring and Information Publishment

In 2014, through security monitoring, CCERT found many large-scale DoS reflection attack incidents in the CERNET network, involving about 1,274 compromised servers and hosts. These reflection attacks make use of multiple basic network services, including:

1. The monlist function of the NTP service
2. The DNS query function
3. The Chargen (Character Generator) protocol

We not only informed the persons in charge of the 1,274 detected servers so that they could handle the security incidents, but also sent the other CERNET users a security warning about these reflection attacks and how to prevent their infrastructure from being exploited to carry them out.

Other security monitoring and security bulletins:

1. Monitoring and analysis report on the Heartbleed vulnerability
2. Monitoring and analysis report on the GNU Bash Shellshock vulnerability
3. Monitoring and analysis report on the remote code execution vulnerability in the Schannel secure channel of Windows systems

2.3. Technical Consultation and Security Service

In 2014, CCERT provided a free security scanning service for 6013 websites and found that about 60 of the scanned websites had security vulnerabilities, about 19 of which were high risk.

Figure 3

2.4. Security training activities

In 2014, CCERT hosted 17 security trainings for 2,106 participants. The security training contents included:

1. Introduction to next-generation firewall technology
2. DNS domain system security and protection
3. Using two-dimensional codes to simplify network access authorization for visitors
4. Cognition and practice of cloud computing
5. Exploration and practice of a campus website security management model

2.5. Research on security technologies

In 2014, CCERT members found security vulnerabilities in HTTPS deployment on CDNs: many top CDN providers do not encrypt users' secret content in the back-end communication from the CDN node to the original web sites, even though the front end from the browser to the CDN node uses HTTPS. We also found that current practices for X.509 certificates cause revocation and other problems, and we proposed solutions to these problems. We published our research at the IEEE Symposium on Security and Privacy in 2014: "When HTTPS Meets CDN: A Case of Authentication in Delegated Service". After the conference, several top CDN providers, including CloudFlare, improved their products or services.

[Figure: Website Security Scanning Results. Secure Website 40, Low Risk Website 29, Middle Risk Website 12, High Risk Website 19]

3. Future Plans

In 2015, CCERT will continue to focus on network security emergency response work and strengthen its cooperation with other security organizations to contribute to Internet security.

CERT Australia – Australia

1. About CERT Australia

1.1. Introduction – CERT Australia’s Mission Statement

CERT Australia is Australia’s national computer emergency response team. It is the national coordination point for the provision of cyber security information and advice for the Australian community. CERT Australia has a particular focus on Australian private sector organisations identified as Systems of National Interest (SNI) and Critical Infrastructure (CI). It is also the official point of contact in the expanding global community of national CERTs to support more international cooperation on cyber security threats and vulnerabilities.

1.1.1. Establishment

CERT Australia was formed in 2010 in response to the 2008 Australian Government E-Security Review recommendations that Australia’s Computer Emergency Response Team arrangements would benefit from greater coordination.

1.1.2. Workforce power

CERT Australia currently employs 23 core staff.

1.1.3. Constituency

CERT Australia seeks to improve cyber security for all Australian internet users by developing information about significant threats and vulnerabilities that may affect Australian systems. CERT Australia is the cyber security coordination point between the Australian Government and the Australian organisations identified as SNI or CI owners and operators.

2. Activities & Operations

CERT Australia undertakes a range of cyber security activities including:

• providing Australians with access to information on cyber threats, vulnerabilities in their systems and information on how to better protect themselves
• promoting greater shared understanding between government and business of the nature and scale of cyber security threats and vulnerabilities within Australia’s private sector networks and how these can be mitigated
• providing targeted advice and assistance to enable SNI and CI owners and operators to defend their systems from sophisticated electronic attacks, working in close collaboration with intelligence and law enforcement agencies, via the Australian Cyber Security Centre (ACSC), and
• providing a single Australian point of contact in the expanding global community of national CERTs to support more effective international cooperation.

Throughout 2014, CERT Australia:

• provided unique cyber security threat and vulnerability information relevant to the Australian private sector, specifically those organisations identified as SNI and CI, the purpose of which is to assist the private sector to protect their networks
• coordinated, facilitated and performed vulnerability analysis and disclosure, especially where vulnerabilities were identified by Australian stakeholders
• coordinated the Australian Government’s cyber security support to Australian business, particularly owners and operators of SNI and CI, for the G20 event held in Brisbane in November 2014
• hosted several information exchanges with SNI partners that included members of the banking and finance, control systems and telecommunications sectors and enabled government and business to share sensitive cyber-security technical information and experiences in a trusted environment, enhancing the ability of both government and business to understand and respond to Australia’s cyber security threat environment
• maintained an awareness of cyber threats facing the private sector, contributing to the Australian Cyber Security Centre’s ability to form a national picture of cyber threats
• responded to incidents involving targeted and untargeted attacks against Australian organisations.

2.1. Incident handling reports

In 2014, CERT Australia had 11,144 cyber incidents reported to it, a decrease of approximately 3 per cent from 2013. These incidents required a range of responses depending on their nature. CERT Australia also produced and disseminated sensitive advisories on cyber vulnerabilities affecting SNI.

3. Events organised/co-organised

3.1. Drills