
Engineer, Senior Information Security Engineer, Information Security Engineer, Information Security Analyst, three Junior Information Security Analysts and an Officer-in-charge of HR/Admin. This team is supported by four undergraduate interns. All staff are highly skilled and experienced in different areas of information security and hold the corresponding, widely recognized industry certifications, such as SANS GCIH, Microsoft MCSE, EC-Council Certified Ethical Hacker (CEH) and Computer Hacking Forensic Investigator (CHFI), Cisco CCNA and CCSP, and CISSP from the International Information Systems Security Certification Consortium, (ISC)².

1.1.3. Constituency

Sri Lanka CERT's constituency encompasses the whole of the cyber community of Sri Lanka: private and public sector organizations, and the general public. Sri Lanka CERT maintains a good rapport with government and private sector establishments, and extends assistance to the general public as permitted by available resources. In accordance with its mandate, Sri Lanka CERT|CC gives priority to requests for assistance from government. Based on the availability of human resources and the necessary skills, requests from the private sector are handled free of charge or on a paid basis, depending on the type of service provided.

2. Activities and Operations

2.1. Activity Summary

Sri Lanka CERT|CC maintains an inter-dependent structure, with expertise in the field of cyber security that has the capacity to prevent, analyze, identify and respond to cyber security incidents that threaten Sri Lanka's national cyber-space. As the national contact point for matters relating to cyber security incidents, during 2014 (1st of January – 31st of December) Sri Lanka CERT|CC was informed by various domestic and international partners about cyber security incidents and vulnerabilities that affected, or may affect, our national cyber-space, as follows:
- Compromised unique IPs extracted from the information collected by automated systems
- Vulnerabilities in applications, operating systems, firmware etc.

This report analyzes the cyber security incident information collected and managed by Sri Lanka CERT|CC in 2014, in order to obtain an overall view of the nature and dynamics of these types of events, relevant to the evaluation of the risks targeting the ICT systems in Sri Lanka. Based on the collected data, the following have been observed:
- Approximately 90% of the incidents refer to systems in Sri Lanka that were compromised through the exploitation of some technical vulnerability, got infected with different versions of malware and became part of a botnet; the total number of unique IPs identified is around 750.
- 85% of the compromised IPs refer to systems in Sri Lanka that had become zombies of Sirefef/ZeroAccess botnets.
- 90% of all the unique compromised IPs reported to Sri Lanka CERT|CC were identified as running Microsoft Windows operating systems, versions 98, 2000, XP or 2003.
- Over 20% of the phishing incidents refer to entities in Sri Lanka that host phishing web pages affecting the activity of financial institutions abroad, and around 80% of reported phishing incidents were targeting Sri Lankan financial institutions and were hosted overseas.
- 32 .lk domains were compromised in 2014, representing approximately 60% of the total number of reported defacements.

The above findings lead to the following conclusions:
- Cyber security threats to our national cyber-space have diversified, and have evolved both in quantity and in technical complexity.
- The majority of the compromised systems in Sri Lanka are part of botnets that are being used as proxies for carrying out attacks on targets outside the country, thus representing potential threats to other systems connected to the Internet.
- Based on the analysis of the malware types specific to our national cyber-space and of the types of compromised systems, both presented in this annual report, it appears that, in quantitative terms, most attacks are directed towards outdated, obsolete systems lacking security features (e.g. systems affected by Conficker) or systems not updated with the latest security patches/updates.
- An increasing number of entities in Sri Lanka are becoming targets of APTs: attacks with a high degree of complexity, launched by groups with the capacity and motivation to persistently attack a target in order to obtain certain benefits (usually sensitive information); we expect an increase in the number and severity of such attacks nationwide during 2014.
- Sri Lanka can no longer be considered merely a generator of cyber security incidents, because the analysis of the data presented in the current report demonstrates that it is mostly used as a proxy by other attackers.

2.2. Incident Handling Statistics