Cyber Exercise in Moldova

CybExer Organizes a Three-Day Exercise in Moldova

Between 14th and 16th June 2023 CybExer Technologies, in collaboration with e-Governance Academy, organized the Moldova Cybersecurity Capacity Building Exercise in Chişinău for officials from both the public and private sectors in Moldova. This exercise was part of a larger EU initiative to strengthen the country’s cybersecurity capacity.

One of the main objectives of this exercise was to establish a Cybersecurity community in Moldova, fostering the growth of this vital sector. The feedback from participants was overwhelmingly positive, as they found the event to be a valuable training experience. They expressed a desire for more similar events in the future.

The following outcomes were reported:

  • 83% of participants learned new defensive techniques from the event.
  • 97% of participants appreciated the realistic environment created in the Cyber Range.
  • 93% of participants were satisfied with the hands-on technical content of the event.
  • 100% of participants rated the event highly and would recommend it to their colleagues.

Exercise Details

This exercise in Moldova consisted of 3 parts – individual CTF exercise plus preparation training on the 14th and 1.5 -day, team-based, Threat-Hunting exercise between the 15th – 16th of June. On the final day, a hotwash session was held to provide feedback to the participants.

Agenda

  • 14th of June – CTF Training Exercise & Familiarization Training.

Participants were introduced to the cyber range environment through a solo CTF exercise. They also received training on essential blue team systems and services like MISP and Security Onion.

  • 15th of June – Threat Hunting Exercise

This was the first exercise day. The first day of the exercise focused on blue teams investigating and reporting existing vulnerabilities and red team activity within their systems. Phase 1 was completed.

  • 16th of June – Threat Hunting Exercise & Hotwash Session

The exercise continued with Phase 2. Afterward, a Hotwash session was held to provide an overview of the red team campaign and offer feedback to the participants.

Types of Exercises During the Project

Online CTF Exercise

Participants faced Jeopardy-style tasks that required various cybersecurity skills to find specific answers. These exercises provided participants with proof of reaching the desired goals.

Familiarization Training

Participants familiarized themselves with the cyber range environment, learning the tools and systems necessary for the Threat Hunting exercise. The Blue Teams were introduced to security and information-sharing tools such as MISP and Security Onion, as an example.

Threat Hunting Exercise

Threat Hunting is an effective exercise format for practicing cyber-attack detection, use of monitoring tools, and reporting. During this exercise, the blue teams are discouraged from hardening their systems to facilitate fair Red Team attacks. The blue teams were discouraged from hardening their systems to facilitate fair red team attacks. 

After the attacks occur, the blue teams are supposed to analyze their systems and find traces of the red team’s activity, or if they are proficient, they may catch the attacks live, making reporting easier. This happens in a competitive environment as participating teams rival each other to come out on top.

During the Threat Hunting exercise, the participants were evaluated in the following domains:

  • Performance Score – This basic component in the overall score represents successfully solved technical tasks.
  • Technical IoC Sharing – This component in the overall score represents the team’s ability to create situational awareness and cooperate in sharing technical IoC-s with other Blue Teams.
  • Reporting – This component in the overall score represents another important element in solving cyber security incidents: articulation. Articulation shall be looked at in two levels: incident reporting and situation reporting. This component of the score purports to motivate the teams to develop their “interface” of communication within the organization, which is crucial for successful decision-making and top-level crisis management.
  • Special Score – This component in the overall score represents the exercise management’s ability to address any issues of fairness or unforeseeable technical events. 

Conclusion

Organizing this project in Moldova was significant for enhancing the growth of the local cybersecurity community. The planned activities aimed to strengthen the resilience and expertise of Moldova’s government officials and critical service providers while raising awareness about the potential impact of cyber incidents.

Our team is delighted to take part in such initiatives and share our experiences with other organizations globally. 

If you would like to learn more about how we can assist your organization in better preparing for cybersecurity challenges and threats, please don’t hesitate to contact us.