Empowering SJOs in Kenya to Detect, Investigate, and Track Malicious Infrastructure

Spread ...

Date: 24-25 Sep 2024 | Time: 8:00 AM – 5: 00 PM | Venue: Nairobi

Introduction

The Tatua Digital Resilience Centre will conduct a 2-day training on detecting, investigating, and tracking malicious infrastructure for SJOs in Kenya. The technical workshop will target the IT and technical staff of SJOs to build their capacity for identifying and investigating malicious emails, links, and domains. By understanding the tactics and techniques used by attackers, participants will be better able to protect their organisations’ digital assets and ensure their continued operations. After training, Tatua will offer the participating SJOs direct virtual assistance in deploying and configuring tools to identify, investigate, report, and mitigate suspicious activity. The Centre’s staff will also be available to guide SJOs during investigations of suspicious activity and the removal of associated infrastructure.

Background and Context

In recent years, Social Justice Organizations (SJOs) have increasingly relied on digital platforms to advocate for their causes, connect with their communities, and mobilise support. However, this increased reliance has also made them vulnerable to growing cyber threats. For instance, malicious infrastructure has become a powerful tool for attackers to steal credentials and data or deliver socially engineered compromises against SJOs. These threats pose significant risks to SJOs, including:

  1. Disruption of operations, websites, networks, and services, hindering their ability to operate effectively.
  2. Data breaches, where sensitive information, such as donor data, contact lists, and confidential documents, can be stolen and misused.
  3. Cyberattacks can damage the reputation of SJOs, undermining their credibility and public trust.
  4. Legal liabilities and financial losses as a result of cyberattacks.

In addition, many SJOs face unique challenges including limited technical resources, funding constraints, and political repression, that prevent them from effectively fighting against malicious infrastructure. To mitigate some of these challenges, the Internet community has published excellent guides that cover a wide range of digital security topics. As part of this community, KICTANet, through Tatua, has conducted basic digital security and cyber hygiene workshops for at-risk communities. The Tatua website contains several resources for SJOs to utilise for cyber hygiene and digital security awareness. 

Despite these efforts, there is a need for more specialised knowledge and skills to mitigate the emerging sophistication of cyber attacks against civil society. This specialised technical expertise (STE) consists of knowledge needed for more specialised, in-depth interventions and investigations, such as web security, analysing malicious infrastructure & logs, or investigating malware. Unfortunately, many SJOs lack the time and resources for regular and in-depth practice and tools required to master STE.

To address these gaps, Internews, together with partners created a community-developed framework for digital protectors (digital security trainers, technologists, auditors, etc.) to advance their knowledge and skill sets in areas of STE. KICTANet, through Tatua, has partnered with Internews to provide STE training and technical support to the IT staff of 30 SJOs to make much-needed STE more widely available in contexts where at-risk communities need it the most. The training and support aim to upskill protectors who already have established trust with these communities by localising expertise, as well as expanding accessibility to and increasing the diversity of providers of specialised digital security support. 

Objectives

  1. To provide participants with a deep understanding of the tactics and techniques used to deploy malicious infrastructure against SJOs.
  2. To introduce participants to the latest tools and techniques for malicious infrastructure detection, investigation, documentation, and reporting.
  3. To empower participants to develop effective strategies to prevent, detect, and respond to malicious infrastructure threats.

Expected Outcomes 

Upon completion of the workshop, participants will be able to:

  1. Identify and analyse common tactics and techniques used by attackers to deploy malicious infrastructure.
  2. Utilise various tools and techniques for malicious infrastructure detection, investigation, and response.
  3. Apply the knowledge and skills gained in the workshop to train colleagues and enhance the digital security of their respective organisations.

Format of the Event

The workshop will be a 2-day intensive training session, combining presentations, hands-on exercises, and group discussions. The format will be designed to provide a practical and engaging learning experience for participants.

Attendees

The workshop is targeted towards the IT and technical staff of 30 Social Justice Organizations (SJOs). Ideal attendees will have a basic understanding of cybersecurity concepts and a desire to enhance their skills in combating malicious infrastructure threats. 

Note: Participants are encouraged to bring their laptops or devices for hands-on exercises to ensure maximum benefit.

About KICTANet & Tatua Digital Resilience Centre

KICTANet is a multistakeholder ICT policy think tank that aims to catalyse reforms in the ICT sector. Registered as a Trust in 2016, KICTANet’s overall mission is to promote an enabling environment in the ICT sector that is robust, open, accessible, and rights-based through multistakeholderism. KICTANet conducts advocacy, research, capacity building, and stakeholder engagement through its various platforms. In 2022, KICTANet established the Tatua Digital Resilience Centre to support social justice organisations in East Africa, to maintain, grow, change, recover, and survive in a changing environment by implementing effective digital controls and strategies. It provides support to SJOs in Kenya and works to advance digital rights. 

Empowering SJOs in Kenya to Detect, Investigate, and Track Malicious Infrastructure

Date: 24-25 Sep 2024 | Time: 8:00 AM – 4: 30 PM | Venue: Nairobi

Program

TimeSession Facilitator
7:30 – 8:00  amArrival and RegistrationKICTANet
8:00 – 8:15 amIntroductions & Opening RemarksJohn Walubengo, Chairman Tatua
8:15 – 8:30 amObjectives and Overview of Training SessionKICTANet
8:30 – 10:00 amOverview of Phishing Attacks:
➤Malicious infrastructure architecture 
➤Characteristics of Phishing Attacks
➤Types of Phishing attacks 
➤Identifying Indicators of Compromise 
➤Triage: When to investigate ➤Interpersonal skills for malicious infrastructure response
Jacinta Wothaya
10:00 – 10:30 amPhishing simulation exerciseJacinta Wothaya
10:30 – 11:00 amTEA BREAK
11:00 – 12:00 pmOverview of Passive Investigation- 
➤Safe handling of IOCs
➤Analysing email headers
➤Analysing URLs, hostnames, and IP addresses
John Gathii
12:00 – 1:00 pmOverview of Active Investigation –
➤Analysing malicious emails 
➤Analysing malicious web pages
Neno Newa
1:00 – 2:00 pmLUNCH BREAK
2:00 – 2:30 pmHow to Document FindingsJohn Gathii
2:30 – 4:00 pmPassive Investigation- Practical Walkthrough
➤Safe handling of IOCs
➤Analysing URLs, hostnames, and IP addresses
Neno Newa
4:00 – 4:30 pmEvaluation Forms & Closing RemarksKICTANet
4:30  pmTEA BREAK/END OF WORKSHOP

DAY 2

Time Session Facilitators
7:30 – 8:00  amArrival and RegistrationKICTANet
8:00 – 8:20 amRecap of Day 1Flo Oyier
8:20 – 8:30 amObjective and Overview of Day 2Neno Newa
8:30 – 9:30 amPassive Investigation – Practical Walkthrough
➤Analysing email headers
Neno Newa
9:30 – 10:30 amActive Investigation – Practical Walkthrough
➤Analysing malicious emails
Jacinta Wothaya
10:30 – 11:00 amTEA BREAK
11:00 – 12:30 pmActive Investigation – Practical Walkthrough
➤Analysing Malicious Web Pages
John Gathii
12:30 – 1:00 pm➤Response – Infrastructure Takedown
➤How to use Tatua tools to conduct training & Best Practices
Jacinta Wothaya
1:00 – 2:00 pmLUNCH BREAK
2:00 – 3:00 pmSkill Assessment  ExerciseNeno Newa
3:00 – 4:00 pmSkill Assessment ReviewJohn Gathii
4:00 – 4:30Plenary & Evaluation FormsAll
4:30 – 4:40 pmClosing RemarksKICTANet
4:40 pmTEA BREAK/END OF WORKSHOP

Leave a Reply

Your email address will not be published. Required fields are marked *