In the world of today, the increasing number of attacks against computer systems and data is a growing concern for both cyber security professionals and the law enforcement. A successful response to these is often hampered by a lack of coordination and common approach of these communities to what should be the ultimate common goal – ensuring a safer cyberspace for all.
To address these challenges, CyberEast and iProceeds-2 projects, funded by the European Union and the Council of Europe, in partnership with the Cybersecurity EAST project funded by the European Union, organised during 7-11 March 2022 in Athens, Greece a Regional Cyber Exercise focused thematically on cooperation between the cybersecurity community (primarily CSIRTs) with the law enforcement in handling and investigating a malware attack orchestrated by a criminal group. The exercise brought together 40 experts from East and South-East European countries under the guidance of a team of international experts and the exercise partners of TR-CERT(USOM), Turkey.
The delegates had to save the residents of the virtual country of Freedonia from falling victim to a ransomware attack on a fictitious energy company. Using international instruments such as the Budapest Convention on Cybercrime, they set out identifying important information for the investigation of the case and incident. In each group, representatives of the CERT community issued remediation advice, provided forensics services and traced the origin of the attack on the basis of forensic images provided by the organisation. At the same time, Law enforcement and Financial Investigators cast a net into the data related to the incident, only to identify questionable practices by the companies’ CEO. The companies’ offices were searched for evidence of wrongful misconduct, whilst investigations into the source of the attack continued as several lines of inquiry were opened.
During the last day of the exercise, a preliminary hearing concerning the case and its prosecution was held in a moot court where teams argued the case based on the evidence gathered. With the strong interdisciplinary cooperation that displayed, the citizens of Freedonia can rest assured that a major incident was averted, their energy supply was assured, and justice served.
Given the transnational nature of cybercrime, this event was a great opportunity to expand business contacts and to strengthen cooperation between law enforcement agencies to a new level. This will definitely affect the effectiveness of fighting against cybercrime, Sasun GRIGORYAN, Investigative Committee of the Republic of Armenia
I liked to cooperate with team members and learn how others deal with technical details. If such case would appear in my country, I will know the exact steps on how to complete it, George SURGULADZE, National Bureau of Forensics, Georgia
In addition, a regional conference also took place, organised with the contribution of the European Union Agency for Cybersecurity (ENISA). Jo De MUYNCK, Head of the Operational Cooperation Unit (OCU), ENISA, Silvia PORTESI, Cybersecurity Expert, ENISA, and Alexandros ZACHARIS, Cybersecurity expert, ENISA presented the principles and procedures of cooperation between law enforcement and CSIRTs as well as training and exercises strategy.
The event was overshadowed by the war of the Russian Federation against Ukraine that is accompanied by massive cyberattacks. On 25 February 2022, the Council of Europe decided to suspend the rights of representation of the Russian Federation because of this aggression. Strengthening capacities for cybersecurity and on cybercrime is now more important than ever.