01/03/2016

1

1

2

Simulations of large-scale cybersecurity incidents and EU-wide cyber crises

Advanced technical cybersecurity incidents

Business continuity and crisis management situations

Exciting scenarios, inspired by real-life events

National and international cooperation

Flexible learning experience

01/03/2016

2

3

5

Each month as from April 2016 and until October, a new piece of the puzzle will be

released

October 2016, for two days. Exact dates to be communicated upon registration.

Incidents will be available until end of exercise, re-opened in 2017 for self-paced

training.

01/03/2016

3

6

Incidents concerning the IT, telecommunication and cybersecurity industries

Potential impacts in other sectors as well, sub-scenarios can easily be integrated

The technical cybersecurity incidents include:

forensic and malware analysis

mobile devices infection

malvertisement campaigns

open source intelligence

analysis of DDoS, and many more…

7

ID Title

1 Malvertisement Campaign

2 Mobile Malware Generic

3 Mobile Malware Targeted

4 Anti-forensics Malware

5 Corporate Forensics Crime Scene –

Exfiltration (Part A)

6 Corporate Forensics Crime Scene –Exfiltration (Part B)

7 Attack of the Drones – UAV Forensics

8 Linux Server Forensics

9 Linux Malware Analysis

10 Windows Malware Analysis

(Ransomware)

11 Social Engineering Campaign – Spear

Phishing

12 DDOS attacks against clients

13 DDOS attacks on core network

14 Virtualization Escape Attack

15 Compromised Cloud Server – Server

Forensics

01/03/2016

4

8https://www.youtube.com/watch?v=2wVsB1WCfNg

9

IT security and business continuity/crisis management teams

The scenario requires knowledge in cybersecurity issues

There will be different types of topics, expertise in all of them is not required by a

single team.

Participating organisations will vary by country, for example

• National cybersecurity agencies, CSIRTs, Ministry relevant ICT, relevant public agencies, regulators,

ISPs, mobile services providers, cloud service providers, data centres, cybersecurity service

providers such as antivirus companies, private CSIRTs.

01/03/2016

5

11

It is a great opportunity to test internal business continuity and IT security policies

IT security teams will have hands-on incident handling opportunities

Can develop working relationships with competent national authorities and private

stakeholders

Find out the actors at national and European level when it comes to cyber crises

Be part of the growing EU community of IT security specialists

Have fun!

12

www.cyber-urope.eu

C3 [@] enisa.europa.eu