Empowering SJOs in Kenya to Detect, Investigate, and Track Malicious Infrastructure

Introduction

The Tatua Digital Resilience Centre will conduct a 2-day training on detecting, investigating, and tracking malicious infrastructure for SJOs in Kenya. The technical workshop will target the IT and technical staff of SJOs to build their capacity for identifying and investigating malicious emails, links, and domains. By understanding the tactics and techniques used by attackers, participants will be better able to protect their organisations’ digital assets and ensure their continued operations. After training, Tatua will offer the participating SJOs direct virtual assistance in deploying and configuring tools to identify, investigate, report, and mitigate suspicious activity. The Centre’s staff will also be available to guide SJOs during investigations of suspicious activity and the removal of associated infrastructure.

Background and Context

In recent years, Social Justice Organizations (SJOs) have increasingly relied on digital platforms to advocate for their causes, connect with their communities, and mobilise support. However, this increased reliance has also made them vulnerable to the growing number of cyber threats. For instance, malicious infrastructure has become a powerful tool for attackers to steal credentials and data or deliver socially engineered compromises against SJOs. These threats pose significant risks to SJOs, including:

  • Disruption of operations, websites, networks, and services, hindering their ability to operate effectively.
  • Data breaches where sensitive information, such as donor data, contact lists, and confidential documents, can be stolen and misused.
  • Reputational damage from cyberattacks, undermining their credibility and public trust.
  • Legal liabilities and financial losses as a result of cyberattacks.

In addition, many SJOs face unique challenges, including limited technical resources, funding constraints, and political repression, that prevent them from effectively fighting against malicious infrastructure. To mitigate some of these challenges, the Internet community has published excellent guides that cover a wide range of digital security topics. As part of this community, KICTANet, through Tatua, has conducted basic digital security and cyber hygiene workshops for at-risk communities. The Tatua website contains several resources for SJOs to utilise for cyber hygiene and digital security awareness.

Despite these efforts, there is a need for more specialised knowledge and skills to mitigate the growing sophistication of cyber attacks against civil society. This specialised technical expertise (STE) consists of the knowledge needed for more specialised, in-depth interventions and investigations, such as web security, analysing malicious infrastructure and logs, or investigating malware. Unfortunately, many SJOs lack the time, resources, and tools required for the regular, in-depth practice needed to master STE.

To address these gaps, Internews, together with partners, created a community-developed framework for digital protectors (digital security trainers, technologists, auditors, etc.) to advance their knowledge and skill sets in areas of STE. KICTANet, through Tatua, has partnered with Internews to provide STE training and technical support to the IT staff of 30 SJOs, making much-needed STE more widely available in the contexts where at-risk communities need it most. The training and support aim to upskill protectors who already have established trust with these communities by localising expertise, expanding access to specialised digital security support, and increasing the diversity of its providers.

Objectives

  • To provide participants with a deep understanding of the tactics and techniques used to deploy malicious infrastructure against SJOs.
  • To introduce participants to the latest tools and techniques for malicious infrastructure detection, investigation, documentation, and reporting.
  • To empower participants to develop effective strategies to prevent, detect, and respond to malicious infrastructure threats.

Expected Outcomes 

Upon completion of the workshop, participants will be able to:

  • Identify and analyse common tactics and techniques used by attackers to deploy malicious infrastructure.
  • Utilise various tools and techniques for malicious infrastructure detection, investigation, and response.
  • Apply the knowledge and skills gained in the workshop to train colleagues and enhance the digital security of their respective organisations.

Format of the Event

The workshop will be a 2-day intensive training session, combining presentations, hands-on exercises, and group discussions. The format will be designed to provide a practical and engaging learning experience for participants.

Attendees

The workshop is targeted towards the IT and technical staff of 30 Social Justice Organizations (SJOs). Ideal attendees will have a basic understanding of cybersecurity concepts and a desire to enhance their skills in combating malicious infrastructure threats. 

Note: To ensure maximum benefit, participants are encouraged to bring their laptops or devices for hands-on exercises.

About KICTANet & Tatua Digital Resilience Centre

KICTANet is a multistakeholder ICT policy think tank that aims to catalyse reforms in the ICT sector. Registered as a Trust in 2016, KICTANet’s overall mission is to promote an enabling environment in the ICT sector that is robust, open, accessible, and rights-based through multistakeholderism. KICTANet conducts advocacy, research, capacity building, and stakeholder engagement through its various platforms. In 2022, KICTANet established the Tatua Digital Resilience Centre to support social justice organisations in East Africa in maintaining, growing, changing, recovering, and surviving in a changing environment by implementing effective digital controls and strategies. It provides support to SJOs in Kenya and works to advance digital rights.

Date: 24-25 Sep 2024 | Time: 8:00 AM – 5:00 PM | Venue: TBC

Program

Day 1

Time | Session | Facilitators
--- | --- | ---
7:30 – 8:00 am | Arrival and Registration | KICTANet
8:00 – 8:15 am | Welcome and Introductions | KICTANet
8:15 – 8:30 am | Objective and Overview of Training Session | KICTANet
8:30 – 9:00 am | Overview of Phishing Attacks: malicious infrastructure architecture; characteristics of phishing attacks; types of phishing attacks; identifying indicators of compromise | TBC
9:00 – 9:30 am | TEA BREAK | 
9:30 – 10:00 am | Triage: when to investigate, and the interpersonal skills required for malicious infrastructure response | TBC
10:00 – 11:30 am | Passive Investigation: safe handling of links and infrastructure; analysing URLs, hostnames, and IP addresses | TBC
11:30 am – 1:00 pm | Practical Exercise Walkthrough | TBC
1:00 – 2:00 pm | LUNCH BREAK | 
2:00 – 2:30 pm | Passive Investigation: analysing email headers; analysing malicious emails | TBC
2:30 – 4:30 pm | Practical Exercise Walkthrough | TBC
4:30 – 5:00 pm | Evaluation Forms & Closing Remarks | TBC
5:00 pm | TEA BREAK / END OF WORKSHOP | 

Day 2

Time | Session | Facilitators
--- | --- | ---
7:30 – 8:00 am | Arrival and Registration | TBC
8:00 – 8:20 am | Recap of Day 1 | TBC
8:20 – 8:30 am | Objective and Overview of Day 2 | TBC
8:30 – 9:00 am | Phishing Simulation Exercise | TBC
9:00 – 9:30 am | TEA BREAK | 
9:30 – 10:30 am | Active Investigation: analysing malicious web pages | TBC
10:30 am – 12:00 pm | Practical Exercise Walkthrough | TBC
12:00 – 1:00 pm | Documenting Findings | TBC
1:00 – 2:00 pm | LUNCH BREAK | 
2:00 – 2:30 pm | Response: Infrastructure Takedown | TBC
2:30 – 4:00 pm | Skill Assessment Exercise | TBC
4:00 – 4:30 pm | Plenary | TBC
4:30 – 5:00 pm | Evaluation Forms & Closing Remarks | TBC
5:00 pm | TEA BREAK / END OF WORKSHOP | 