One Year Handling Cybersecurity Incidents
As reported by Graciela Martínez, head of LACNIC WARP, since it began operating in March 2015, LACNIC’s center for coordinating computer security incident responses has already handled more than 140 incidents in the region.
LACNIC WARP (http://warp.lacnic.net/) is a team created to facilitate cybersecurity incident handling where members of the community can report their cybersecurity issues and have access to updated information on latent threats in Latin America and the Caribbean.
The more than 140 incidents handled during this first year were related to the Internet resources managed by LACNIC and involved both autonomous systems and IP addresses.
Martínez shared statistics of the WARP’ first year, noting that the largest percentage of incidents were cases of phishing 33%, followed by email abuse (account hacking or spam) 18%, others (users complaining of various incidents) 17%, and malware (software designed to perform malicious actions) 10.4%.
LACNIC WARP also has statistics on Autonomous Systems and IP address ranges of our region used to send spam, which will soon be shared with the community through the center’s website.
In addition, Martínez highlighted the fact that working together with other organizations has been extremely important, as it has allowed coordinating actions and detecting threats in a timely manner. “We are all responsible; working in the field of security demands that we join our forces. If two, three or more organizations are working on the same issue, there must be no duplication of efforts but instead proper coordination and information sharing. The speed with which we act when faced with a cybersecurity incident is critical,” noted the expert.
As an example she cited the center’s coordination with Interpol through which, in addition to offering training to law enforcement officers, LACNIC WARP focused on prevention and providing users with warnings about the crimes that are committed online.
The center has also worked on strengthening response capabilities in case of incidents involving Internet addresses assigned in Latin America and the Caribbean by promoting national CSIRTs. In this sense, close to 150 experts of the region received training in the form of workshops organized within the framework of AMPARO, a project that was incorporated into LACNIC WARP.
According to Martínez, LACNIC members should see the WARP as a point of reference for reporting cybersecurity incidents as well as a center for seeking help on how to solve such incidents in case of an attack.