Fwd: [i-network] [Action requise] cyber security situational awareness (Reports from CA?)
Listers, Just following this from our semejis or is it shemjis across the border. Is it possible for CA to avail this kind of reports to the community? Regards ---------- Forwarded message ---------- From: Margaret Sevume <sevume@i-network.or.ug> Date: Tue, Sep 12, 2017 at 2:25 PM Subject: [i-network] [Action requise] cyber security situational awareness To: I-Network Uganda <i-network@dgroups.org>
From Uganda Computer Emergency Response Team CERT (UCC) …….
Good morning Ladies and Gentlemen, The CERT maintains a research honeypot which is run to gather information about the motives and tactics of hacker communities targeting different networks. The primary objective of the honeypot is to provide cyber security situational intelligence and also to research the threats that operators face and to learn how to better protect against those threats.
From the gathered information we note that at one any time we are under attack either directly or indirectly.
Over the last 24 hours we see *persistent attacks* from the following sources (countries). This information confirms the fact that cyber-attacks are real happenings and are a global problem. *Country * *Count* 1 China 1,728 2 Brazil 785 3 Ukraine 734 4 United States 727 5 Russia 674 6 France 655 7 Czechia 635 8 Argentina 468 9 Iraq 378 10 Mexico 295 We note the attacks are geared towards the following ports, with traffic mismatch. For example we note SIP traffic being routed to port 80, yet SIP traffic uses port 5060 and 5061 for communications. *dest_port* *count* 22 4262 23 1481 80 1325 5060 1201 5358 145 3389 122 2323 77 8080 72 8545 65 443 57 Similarly, we note the following usernames /passwords are the most commonly used for attempted account hijacking; *Top Usernames * *Top Passwords* 1 Admin support 2 Support admin 3 User password 4 Administrator 1234 5 Default Default We strongly encourage you to avoid using the above usernames or passwords as they are the most commonly used for account hijacking. Most computing devices use the above usernames by default, it is recommended you change the usernames to those that are not easily guessed or used. Regards [image: cid:image001.png@01D1F7B2.828CF410] *COMPUTER EMERGENCY RESPONSE TEAM * Uganda Communications Commission 42-44, Spring Road - Bugolobi <https://maps.google.com/?q=42-44,+Spring+Road+-+Bugolobi&entry=gmail&source=g>, P.O Box 7376 Kampala. Toll free: 0800 133 911 *www.ug-cert.ug <http://www.ug-cert.ug>* [image: cid:image002.png@01D1EF38.16ED9110] <https://www.facebook.com/UgCERT> [image: cid:image003.png@01D1EF38.16ED9110] <https://twitter.com/UgCERT> You are receiving this message because you are a leader of the community I-Network Uganda <https://dgroups.org/iicd/i-network>. All community leaders receive these notifications immediately regardless of their email settings for this community. MAILING LIST RULES - http://www.i-network.or.ug/ index.php?option=com_content&view=article&id=189&Itemid=193 WEEKLY DISCUSSION ROUNDUPS - http://www.i-network.or.ug/ index.php?option=com_content&view=category&id=191&Itemid=208 QUARTERLY eNEWSLETTERS - http://www.i-network.or.ug/ index.php?option=com_content&view=section&id=34&Itemid=194 WEBSITE - www.i-network.or.ug TWITTER - http://twitter.com/inetwork FACEBOOK - https://www.facebook.com/inetwork.ug The I-Network Dgroup is a platform for ICT Knowledge Sharing ------------------------------------------------------------ --------------------- Visit [web site]( http://dgroups.org/iicd/i-network/ ) Click [here]( mailto:leave.i-network@dgroups.org ) to unsubscribe The email is intended only for the recipients. The owners of the Dgroups cannot be held responsible for the contents of the email message. -- Barrack O. Otieno +254721325277 +254733206359 Skype: barrack.otieno PGP ID: 0x2611D86A
The link below on WEF Digital Policy will be of interest to the ICT community in Kenya. http://www3.weforum.org/docs/White_Paper_Digital_Policy_Playbook_Approaches_... Ndemo. On Wed, Sep 13, 2017 at 9:58 AM, Barrack Otieno via kictanet < kictanet@lists.kictanet.or.ke> wrote:
Listers,
Just following this from our semejis or is it shemjis across the border. Is it possible for CA to avail this kind of reports to the community?
Regards ---------- Forwarded message ---------- From: Margaret Sevume <sevume@i-network.or.ug> Date: Tue, Sep 12, 2017 at 2:25 PM Subject: [i-network] [Action requise] cyber security situational awareness To: I-Network Uganda <i-network@dgroups.org>
From Uganda Computer Emergency Response Team CERT (UCC) …….
Good morning Ladies and Gentlemen,
The CERT maintains a research honeypot which is run to gather information about the motives and tactics of hacker communities targeting different networks. The primary objective of the honeypot is to provide cyber security situational intelligence and also to research the threats that operators face and to learn how to better protect against those threats.
From the gathered information we note that at one any time we are under attack either directly or indirectly.
Over the last 24 hours we see *persistent attacks* from the following sources (countries). This information confirms the fact that cyber-attacks are real happenings and are a global problem.
*Country *
*Count*
1
China
1,728
2
Brazil
785
3
Ukraine
734
4
United States
727
5
Russia
674
6
France
655
7
Czechia
635
8
Argentina
468
9
Iraq
378
10
Mexico
295
We note the attacks are geared towards the following ports, with traffic mismatch. For example we note SIP traffic being routed to port 80, yet SIP traffic uses port 5060 and 5061 for communications.
*dest_port*
*count*
22
4262
23
1481
80
1325
5060
1201
5358
145
3389
122
2323
77
8080
72
8545
65
443
57
Similarly, we note the following usernames /passwords are the most commonly used for attempted account hijacking;
*Top Usernames *
*Top Passwords*
1
Admin
support
2
Support
admin
3
User
password
4
Administrator
1234
5
Default
Default
We strongly encourage you to avoid using the above usernames or passwords as they are the most commonly used for account hijacking. Most computing devices use the above usernames by default, it is recommended you change the usernames to those that are not easily guessed or used.
Regards
[image: cid:image001.png@01D1F7B2.828CF410]
*COMPUTER EMERGENCY RESPONSE TEAM *
Uganda Communications Commission
42-44, Spring Road - Bugolobi <https://maps.google.com/?q=42-44,+Spring+Road+-+Bugolobi&entry=gmail&source=g>, P.O Box 7376 Kampala.
Toll free: 0800 133 911 *www.ug-cert.ug <http://www.ug-cert.ug>*
[image: cid:image002.png@01D1EF38.16ED9110] <https://www.facebook.com/UgCERT> [image: cid:image003.png@01D1EF38.16ED9110] <https://twitter.com/UgCERT>
You are receiving this message because you are a leader of the community I-Network Uganda <https://dgroups.org/iicd/i-network>. All community leaders receive these notifications immediately regardless of their email settings for this community. MAILING LIST RULES - http://www.i-network.or.ug/ind ex.php?option=com_content&view=article&id=189&Itemid=193
WEEKLY DISCUSSION ROUNDUPS - http://www.i-network.or.ug/ind ex.php?option=com_content&view=category&id=191&Itemid=208
QUARTERLY eNEWSLETTERS - http://www.i-network.or.ug/ind ex.php?option=com_content&view=section&id=34&Itemid=194
WEBSITE - www.i-network.or.ug
TWITTER - http://twitter.com/inetwork
FACEBOOK - https://www.facebook.com/inetwork.ug
The I-Network Dgroup is a platform for ICT Knowledge Sharing
------------------------------------------------------------ --------------------- Visit [web site]( http://dgroups.org/iicd/i-network/ ) Click [here]( mailto:leave.i-network@dgroups.org ) to unsubscribe The email is intended only for the recipients. The owners of the Dgroups cannot be held responsible for the contents of the email message.
-- Barrack O. Otieno +254721325277 +254733206359 Skype: barrack.otieno PGP ID: 0x2611D86A
_______________________________________________ kictanet mailing list kictanet@lists.kictanet.or.ke https://lists.kictanet.or.ke/mailman/listinfo/kictanet Twitter: http://twitter.com/kictanet Facebook: https://www.facebook.com/KICTANet/
Unsubscribe or change your options at https://lists.kictanet.or.ke/ mailman/options/kictanet/bndemo%40bitangendemo.me
The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development.
KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.
Cool! Thanks - great to be highlighted like this. Sent from my iPhone
On Sep 17, 2017, at 3:08 PM, Bitange Ndemo via kictanet <kictanet@lists.kictanet.or.ke> wrote:
The link below on WEF Digital Policy will be of interest to the ICT community in Kenya. http://www3.weforum.org/docs/White_Paper_Digital_Policy_Playbook_Approaches_...
Ndemo.
On Wed, Sep 13, 2017 at 9:58 AM, Barrack Otieno via kictanet <kictanet@lists.kictanet.or.ke> wrote: Listers,
Just following this from our semejis or is it shemjis across the border. Is it possible for CA to avail this kind of reports to the community?
Regards ---------- Forwarded message ---------- From: Margaret Sevume <sevume@i-network.or.ug> Date: Tue, Sep 12, 2017 at 2:25 PM Subject: [i-network] [Action requise] cyber security situational awareness To: I-Network Uganda <i-network@dgroups.org>
From Uganda Computer Emergency Response Team CERT (UCC) …….
Good morning Ladies and Gentlemen,
The CERT maintains a research honeypot which is run to gather information about the motives and tactics of hacker communities targeting different networks. The primary objective of the honeypot is to provide cyber security situational intelligence and also to research the threats that operators face and to learn how to better protect against those threats.
From the gathered information we note that at one any time we are under attack either directly or indirectly.
Over the last 24 hours we see persistent attacks from the following sources (countries). This information confirms the fact that cyber-attacks are real happenings and are a global problem.
Country
Count
1
China
1,728
2
Brazil
785
3
Ukraine
734
4
United States
727
5
Russia
674
6
France
655
7
Czechia
635
8
Argentina
468
9
Iraq
378
10
Mexico
295
We note the attacks are geared towards the following ports, with traffic mismatch. For example we note SIP traffic being routed to port 80, yet SIP traffic uses port 5060 and 5061 for communications.
dest_port
count
22
4262
23
1481
80
1325
5060
1201
5358
145
3389
122
2323
77
8080
72
8545
65
443
57
Similarly, we note the following usernames /passwords are the most commonly used for attempted account hijacking;
Top Usernames
Top Passwords
1
Admin
support
2
Support
admin
3
User
password
4
Administrator
1234
5
Default
Default
We strongly encourage you to avoid using the above usernames or passwords as they are the most commonly used for account hijacking. Most computing devices use the above usernames by default, it is recommended you change the usernames to those that are not easily guessed or used.
Regards
<image001.png>
COMPUTER EMERGENCY RESPONSE TEAM
Uganda Communications Commission
42-44, Spring Road - Bugolobi, P.O Box 7376 Kampala.
Toll free: 0800 133 911 www.ug-cert.ug
<image002.png> <image003.png>
You are receiving this message because you are a leader of the community I-Network Uganda. All community leaders receive these notifications immediately regardless of their email settings for this community.
MAILING LIST RULES - http://www.i-network.or.ug/index.php?option=com_content&view=article&id=189&Itemid=193
WEEKLY DISCUSSION ROUNDUPS - http://www.i-network.or.ug/index.php?option=com_content&view=category&id=191&Itemid=208
QUARTERLY eNEWSLETTERS - http://www.i-network.or.ug/index.php?option=com_content&view=section&id=34&Itemid=194
WEBSITE - www.i-network.or.ug
TWITTER - http://twitter.com/inetwork
FACEBOOK - https://www.facebook.com/inetwork.ug
The I-Network Dgroup is a platform for ICT Knowledge Sharing
--------------------------------------------------------------------------------- Visit [web site]( http://dgroups.org/iicd/i-network/ ) Click [here]( mailto:leave.i-network@dgroups.org ) to unsubscribe The email is intended only for the recipients. The owners of the Dgroups cannot be held responsible for the contents of the email message.
-- Barrack O. Otieno +254721325277 +254733206359 Skype: barrack.otieno PGP ID: 0x2611D86A
_______________________________________________ kictanet mailing list kictanet@lists.kictanet.or.ke https://lists.kictanet.or.ke/mailman/listinfo/kictanet Twitter: http://twitter.com/kictanet Facebook: https://www.facebook.com/KICTANet/
Unsubscribe or change your options at https://lists.kictanet.or.ke/mailman/options/kictanet/bndemo%40bitangendemo....
The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development.
KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.
_______________________________________________ kictanet mailing list kictanet@lists.kictanet.or.ke https://lists.kictanet.or.ke/mailman/listinfo/kictanet Twitter: http://twitter.com/kictanet Facebook: https://www.facebook.com/KICTANet/
Unsubscribe or change your options at https://lists.kictanet.or.ke/mailman/options/kictanet/grant%40twigafoods.com
The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development.
KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.
Dear Dr. Ndemo, Many thanks for the great document, it seems we have stalled on the innovation front and are simply piggybacking, your thoughts on how we can get out of the rut? Regards On 9/17/17, Bitange Ndemo <bndemo@bitangendemo.me> wrote:
The link below on WEF Digital Policy will be of interest to the ICT community in Kenya. http://www3.weforum.org/docs/White_Paper_Digital_Policy_Playbook_Approaches_...
Ndemo.
On Wed, Sep 13, 2017 at 9:58 AM, Barrack Otieno via kictanet < kictanet@lists.kictanet.or.ke> wrote:
Listers,
Just following this from our semejis or is it shemjis across the border. Is it possible for CA to avail this kind of reports to the community?
Regards ---------- Forwarded message ---------- From: Margaret Sevume <sevume@i-network.or.ug> Date: Tue, Sep 12, 2017 at 2:25 PM Subject: [i-network] [Action requise] cyber security situational awareness To: I-Network Uganda <i-network@dgroups.org>
From Uganda Computer Emergency Response Team CERT (UCC) …….
Good morning Ladies and Gentlemen,
The CERT maintains a research honeypot which is run to gather information about the motives and tactics of hacker communities targeting different networks. The primary objective of the honeypot is to provide cyber security situational intelligence and also to research the threats that operators face and to learn how to better protect against those threats.
From the gathered information we note that at one any time we are under attack either directly or indirectly.
Over the last 24 hours we see *persistent attacks* from the following sources (countries). This information confirms the fact that cyber-attacks are real happenings and are a global problem.
*Country *
*Count*
1
China
1,728
2
Brazil
785
3
Ukraine
734
4
United States
727
5
Russia
674
6
France
655
7
Czechia
635
8
Argentina
468
9
Iraq
378
10
Mexico
295
We note the attacks are geared towards the following ports, with traffic mismatch. For example we note SIP traffic being routed to port 80, yet SIP traffic uses port 5060 and 5061 for communications.
*dest_port*
*count*
22
4262
23
1481
80
1325
5060
1201
5358
145
3389
122
2323
77
8080
72
8545
65
443
57
Similarly, we note the following usernames /passwords are the most commonly used for attempted account hijacking;
*Top Usernames *
*Top Passwords*
1
Admin
support
2
Support
admin
3
User
password
4
Administrator
1234
5
Default
Default
We strongly encourage you to avoid using the above usernames or passwords as they are the most commonly used for account hijacking. Most computing devices use the above usernames by default, it is recommended you change the usernames to those that are not easily guessed or used.
Regards
[image: cid:image001.png@01D1F7B2.828CF410]
*COMPUTER EMERGENCY RESPONSE TEAM *
Uganda Communications Commission
42-44, Spring Road - Bugolobi <https://maps.google.com/?q=42-44,+Spring+Road+-+Bugolobi&entry=gmail&source=g>, P.O Box 7376 Kampala.
Toll free: 0800 133 911 *www.ug-cert.ug <http://www.ug-cert.ug>*
[image: cid:image002.png@01D1EF38.16ED9110] <https://www.facebook.com/UgCERT> [image: cid:image003.png@01D1EF38.16ED9110] <https://twitter.com/UgCERT>
You are receiving this message because you are a leader of the community I-Network Uganda <https://dgroups.org/iicd/i-network>. All community leaders receive these notifications immediately regardless of their email settings for this community. MAILING LIST RULES - http://www.i-network.or.ug/ind ex.php?option=com_content&view=article&id=189&Itemid=193
WEEKLY DISCUSSION ROUNDUPS - http://www.i-network.or.ug/ind ex.php?option=com_content&view=category&id=191&Itemid=208
QUARTERLY eNEWSLETTERS - http://www.i-network.or.ug/ind ex.php?option=com_content&view=section&id=34&Itemid=194
WEBSITE - www.i-network.or.ug
TWITTER - http://twitter.com/inetwork
FACEBOOK - https://www.facebook.com/inetwork.ug
The I-Network Dgroup is a platform for ICT Knowledge Sharing
------------------------------------------------------------ --------------------- Visit [web site]( http://dgroups.org/iicd/i-network/ ) Click [here]( mailto:leave.i-network@dgroups.org ) to unsubscribe The email is intended only for the recipients. The owners of the Dgroups cannot be held responsible for the contents of the email message.
-- Barrack O. Otieno +254721325277 +254733206359 Skype: barrack.otieno PGP ID: 0x2611D86A
_______________________________________________ kictanet mailing list kictanet@lists.kictanet.or.ke https://lists.kictanet.or.ke/mailman/listinfo/kictanet Twitter: http://twitter.com/kictanet Facebook: https://www.facebook.com/KICTANet/
Unsubscribe or change your options at https://lists.kictanet.or.ke/ mailman/options/kictanet/bndemo%40bitangendemo.me
The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development.
KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.
-- Barrack O. Otieno +254721325277 +254733206359 Skype: barrack.otieno PGP ID: 0x2611D86A
participants (3)
-
Barrack Otieno -
Bitange Ndemo -
Grant Brooke