News and Announcements 

ISACA Sri Lanka Signs MOU with ICTA 3/27/2017 8:48 AM

The ISACA Sri Lanka Chapter, in keeping with its aim of sponsoring local educational seminars and workshops, conducting regular chapter meetings, and helping to promote and raise the visibility of the IS audit, control and security profession throughout the region, has taken another step by signing an MOU with the Information and Communication Technology Agency of Sri Lanka (ICTA). This comes in the wake of ICTA’s strategy of:

  1. A Knowledge Enhancement Programme, implemented successfully in 2015 – 2016, which benefited over 260 IT professionals through 10 programmes that were in high demand in the industry.
  2. Diversifying its knowledge dissemination base: in 2017 ICTA plans to implement a series of training courses on Cyber Security.


The objective of ICTA in initiating this program is to create 2,000 IT Security Professionals by the end of 2017 and 12,000 Security Professionals by the year 2020.

As a starting point, ICTA plans to launch with CISA (Certified Information Systems Auditor), CISM (Certified Information Security Manager) and CSX (Cyber Security Nexus), which lead to 3 of ISACA’s main internationally recognized certifications. The ISACA Sri Lanka Chapter will provide all resource personnel for this endeavour and help achieve the goal of training 2,000 IT Security Professionals by the end of 2017.


ISACA AGM 2016 3/5/2016 3:35 PM

Pictures of the 2016 AGM can be found at

One day conference on Crypto Currency 3/5/2016 3:25 PM

Pictures from the one day conference on crypto currency held in February 2016 can be found at

December 2015 Members Day 3/5/2016 3:13 PM

Pictures from this Members Day can be found at

2015 Chapter Directory Published 12/7/2015 10:18 PM

The Directory can be downloaded from this link.

Video summary of chapter events for 2015 available on Facebook! 10/25/2015 1:08 AM

Join us and have a look back at our year thus far!

Conference on Digital Crimes 9/8/2014 11:41 AM

Please find below a link to some pictures from the event.

“Heartbleed” – The Newest Worry in Cyberspace 6/9/2014 10:31 PM


By Dinithi Edirappuli, Surain Silva, & Mithun Sivadas

Have you heard of ‘Heartbleed’? This is the latest significant security flaw, discovered by Google and Codenomicon.

What is Heartbleed?

To understand Heartbleed, you first need the concept of Secure Sockets Layer (“SSL”). SSL is a protocol that encrypts your data so that nobody can read it while it is in transit. Unfortunately, a flaw in OpenSSL, the widely used open-source implementation of SSL, allows attackers to eavesdrop on communications and steal information from them. This flaw is known as Heartbleed.

This flaw allows online intruders to access the personal and sensitive information that you enter into, or that is stored by, websites (e.g. usernames, passwords, National Identity Card numbers, credit card numbers, etc.).

How did it happen?

This bug stems from a coding flaw in OpenSSL, the open-source SSL implementation.

How can we resolve this?

Unfortunately, there is not much individual users can do to rectify this security flaw. It is the website’s responsibility to update its OpenSSL to the fixed, safer version (i.e., version 1.0.1g), obtain new security certificates, and regenerate its encryption keys. However, below are a few tips for end users to minimize the impact of the bug:

- Do not use the same username and password for all websites;

- Use free tools such as to check that the website you are using is secured against the Heartbleed flaw (e.g. go to the “” website and paste in the URL or website name that you wish to verify);

- If the tool, such as , verifies that the website is secured against the Heartbleed flaw, the fix was most likely applied recently. To further enhance your security, change your password immediately (the previous password may have been compromised before the fix). If the tool does not verify the site, be aware that your information associated with that website is vulnerable;

- Be proactive and do not hesitate to check with the IT department at your educational institution or your employer whether the Heartbleed flaw has been corrected. If it has not been corrected, alert the relevant leaders to the potential security risks.

Remember that the Heartbleed flaw makes your individual information vulnerable to online intruders. So be proactive and attempt to secure yourself.

(The writers are Information Technology Auditors).
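The fix step above names OpenSSL 1.0.1g as the safe version. The following is an added example (not part of the article) showing how an administrator can classify an `openssl version` banner against the affected range; the affected range (1.0.1 through 1.0.1f, plus 1.0.2-beta1) is a known fact, and the backport caveat in the docstring is why a banner check alone is not conclusive.

```python
import re
from typing import Optional, Tuple

# Heartbleed affected the OpenSSL 1.0.1 branch from 1.0.1 up to and including
# 1.0.1f, plus the 1.0.2-beta1 pre-release; 1.0.1g (the version the article
# names) and 1.0.2-beta2 carry the fix. Older branches (0.9.8, 1.0.0) never
# contained the heartbeat extension and were not affected.
VERSION_RE = re.compile(r"OpenSSL\s+(\d+)\.(\d+)\.(\d+)([a-z]*)(?:-beta(\d+))?")


def parse_version(banner: str) -> Optional[Tuple[int, int, int, str, Optional[int]]]:
    """Parse `openssl version` output such as 'OpenSSL 1.0.1e-fips 11 Feb 2013'."""
    m = VERSION_RE.search(banner)
    if not m:
        return None
    major, minor, fix, letter, beta = m.groups()
    return int(major), int(minor), int(fix), letter, (int(beta) if beta else None)


def heartbleed_status(banner: str) -> str:
    """Classify a banner as 'vulnerable', 'fixed', 'not-affected' or 'unknown'.

    Caveat: distributions often backport fixes without bumping the version letter
    (a patched build can still report 1.0.1e), so a 'vulnerable' verdict from the
    banner alone must be confirmed against the package changelog before acting.
    """
    parsed = parse_version(banner)
    if parsed is None:
        return "unknown"          # not OpenSSL, or an unrecognized banner
    major, minor, fix, letter, beta = parsed
    branch = (major, minor, fix)
    if branch < (1, 0, 1):
        return "not-affected"     # the heartbeat extension only arrived in 1.0.1
    if branch == (1, 0, 1):
        # letter '' is plain 1.0.1; '' through 'f' are affected, 'g' onwards fixed
        return "vulnerable" if letter <= "f" else "fixed"
    if branch == (1, 0, 2) and beta == 1:
        return "vulnerable"
    return "fixed"
```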

Pictures from the Members Day at UCSC 5/17/2014 4:56 PM


ISACA Sri Lanka Wins Award for Best Medium Chapter in Asia! 5/17/2014 3:40 PM

Article on The Evolution of Computing and Innovation of Technology 4/10/2014 9:03 PM

An article on “The evolution of computing and innovation of technology”, written by our very own chapter secretary Mr. Kumar Manthri, was published on .

March Members Day on Analytics 3/25/2014 10:59 PM

A few pictures from the event:

Revision Classes for June CISA & CISM Exams 2/26/2014 9:56 PM

Register now for our revision classes. Seats are limited!
Registration deadline: 8th March 2014
For further details

January 2014 Members Day 2/26/2014 9:47 PM

A few pictures from the event:

Members Day on PCI DSS 2/26/2014 9:38 PM

Some pictures from the event:

One Day Seminar on BIG Data 2/26/2014 9:15 PM

Some pictures from the event:

July 2013 Members Day 2/22/2014 1:15 PM

A few pictures of the event:

1 Day Seminar on Evolving role of IT 2/22/2014 1:05 PM

A few pictures from the event

April 2013 Members Day 2/19/2014 11:00 PM

A few pictures from the April Members Day

The ISACA Cricket Team @ the FITIS Cricket Tournament 2013 2/19/2014 10:41 PM

A few pictures from the match.

March 13 2013 Members Day 9/7/2013 8:23 AM

Some pictures from our March Members Day

Article on Botnets 6/6/2013 5:09 PM


by Mr Kumar Manthri - Marketing Director

To an avid IT security connoisseur, the recent news of mass cyber-attacks using “bots and zombies” would not be alarming. It would not make this enthusiast think, even for a moment, that the computer world had been overtaken by the living dead or, better yet, alien forces; only one thing would come to mind: “botnets”.

A botnet, according to Google, is a collection of Internet-connected programs communicating with other similar programs in order to perform tasks [1]. The term bot is derived from “robot”. Bot is a generic term for a script or set of scripts designed to perform predefined functions in an automated fashion [2].

Because of their network-based, coordinated and controlled nature, botnets are currently one of the most dangerous species of attack roaming the Internet.

Deriving their power from both their cumulative bandwidth and their access capabilities, botnets can cause severe network outages through massive distributed denial-of-service attacks [3].

Because of their distributed architecture and their propagating, self-organizing and autonomous framework under a command and control (C2 or C&C) infrastructure, botnets are quite different from other known types of malware. They can spread across millions of computers in the same way worms do. What makes them even more dangerous is that, unlike worms, the zombie nodes of a single botnet can work in cooperation while being managed with a single, “hive-like” mentality.

Because of this, botnets cannot be classified into the standard groups of threats used for other malware. From the many works that try to summarize the taxonomy of botnets, the main classification criteria are the topology of the C&C architecture used, the propagation mechanism, the exploitation strategy and the set of commands available to the perpetrator [4].

The creation of a botnet requires a high level of planning, coordination and deep technical skill. A good, functional botnet can be characterized as a professionally designed and built tool, intended to be rented or sold for use by anyone from a novice skill set upwards [5]. However, only 3 elements are used for the infection and subsequent hijacking of a computer into a botnet:

1. Used to infect computers by tricking users into clicking an executable file. This can be done in a variety of ways, such as drive-by infections, malicious PDFs and infected USB sticks [6].

2. Used to enable the cyber-criminal to issue instructions to the infected computer’s Trojan [6].

3. Used for the collection of information harvested from victims [6].

Besides being used for the usual set of attacks (spamming, malware spreading, sensitive information leakage, identity fraud, click fraud), botnets are very valuable instruments for carrying out Advanced Persistent Threats (APTs) against critical organizations.

Nevertheless, the most famous, and still very dangerous, threat posed by botnets is the “Denial of Service” (DoS) attack. It becomes far more severe when the targeted organization’s network bandwidth is consumed from a wide range of IP addresses, i.e. a distributed attack (DDoS), where the victim’s system or network administrator cannot isolate the source IP addresses used in the attack in order to blacklist them, because the traffic appears to come from regular end users.

Even though evidence shows that the attacks most commonly implemented by botnets are TCP SYN and UDP flooding attacks (Freiling, Holz, & Wicherski, 2005), the newest botnets are designed to make discovering and eliminating the source of control even more difficult. Instead of the traditional server-centric command and control model (such as an IRC server), the new botnets are said to use the peer-to-peer protocols popularized on the Internet by file-sharing applications on many platforms. Using peer-to-peer, or P2P, it is no longer necessary to send commands from a single physical server location. The Internet Protocol (IP) address is dynamic (i.e. constantly changing), which makes the source much more difficult to trace [7].
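The two paragraphs above make a detection point: in a SYN flood from a botnet, no single source IP stands out, so the signal is the number of distinct senders hitting one destination in a short window. The following is an added example (not from the article) that runs that check over a small constructed packet log; the thresholds and the log format are assumptions for illustration.

```python
from collections import defaultdict
from typing import Dict, List, Set, Tuple

# Constructed sample packet log, "epoch src dst:port proto flags". 198.51.100.0/24
# and 203.0.113.0/24 are documentation ranges. The first seven lines are the flood:
# seven sources each send one SYN to the same web server in the same second, so no
# single source stands out. The last three lines are ordinary handshake traffic.
SAMPLE_LOG = """\
1000.10 198.51.100.1 203.0.113.10:443 tcp S
1000.12 198.51.100.2 203.0.113.10:443 tcp S
1000.15 198.51.100.3 203.0.113.10:443 tcp S
1000.20 198.51.100.4 203.0.113.10:443 tcp S
1000.31 198.51.100.5 203.0.113.10:443 tcp S
1000.44 198.51.100.6 203.0.113.10:443 tcp S
1000.57 198.51.100.7 203.0.113.10:443 tcp S
1001.05 198.51.100.20 203.0.113.10:443 tcp S
1001.06 198.51.100.20 203.0.113.10:443 tcp A
1002.10 198.51.100.21 203.0.113.11:22 tcp S
"""

def parse_log(text: str) -> List[Tuple[float, str, str, str, str]]:
    """Split the log into (time, src, dst, proto, flags) tuples."""
    records = []
    for line in text.splitlines():
        ts, src, dst, proto, flags = line.split()
        records.append((float(ts), src, dst, proto, flags))
    return records

def detect_syn_floods(records, window: float = 1.0,
                      min_syns: int = 6, min_sources: int = 5) -> List[dict]:
    """Count TCP SYNs and distinct senders per destination and time window.
    An alert requires both a high SYN rate and many distinct sources: the combination
    that defeats per-IP blacklisting and calls for a rate-based response instead.
    """
    syns: Dict[Tuple[str, int], int] = defaultdict(int)
    sources: Dict[Tuple[str, int], Set[str]] = defaultdict(set)
    for ts, src, dst, proto, flags in records:
        if proto == "tcp" and flags == "S":      # pure SYN: new connection attempt
            key = (dst, int(ts // window))       # bucket by destination and second
            syns[key] += 1
            sources[key].add(src)
    alerts = []
    for key in sorted(syns):
        if syns[key] >= min_syns and len(sources[key]) >= min_sources:
            dst, bucket = key
            alerts.append({"dst": dst, "window_start": bucket * window,
                           "syns": syns[key], "sources": len(sources[key])})
    return alerts
```

Raising `min_sources` above the number of distinct senders suppresses the alert, which is the point: a flood from a handful of addresses can be blacklisted, one from many cannot.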

In 2007 this new kind of botnet arrived, using an encrypted implementation based on the eDonkey protocol; originally called W32/Nuwar, it later gained fame as the Storm worm.

Storm had about 100 peers hardcoded into it as hash values, which the malware decrypts and uses to check for new files to download [8].

What made this even more interesting is that all these transactions were encrypted, so only the malware itself could decrypt and act upon the answers. The replies generally led to URLs that downloaded other binaries. Storm was responsible for the vast majority of spam during 2007–2008 until it was taken down.

Initially, bots ran almost exclusively on versions of Windows. Recently, though, versions for other platforms have emerged: using the scripting language Perl, hackers created bots that run on several flavors of Unix and Linux [9].

Due to the “open” nature of the Android platform and the boom in Android applications and packages, new impetus has been given to the use of botnets. Because the Android market has few restrictions on registering as a developer (a policy meant to encourage app developers to adopt the platform), it is easier for cybercriminals to upload their malicious apps or Trojanized counterparts of legitimate ones. Concepts such as BYOD, implemented in many blue-chip organizations, have brought in many mobile devices running the Android operating system. As a result, the attack surface (i.e. all of the different points through which an attacker could get into a business-critical system in order to pilfer valuable data) has grown considerably. The number of attack vectors has also grown, as mobile devices are easier to infect through infected media [10].

With the recent trends in cyber-warfare, it will not be long before botnets are purchased or rented on the black market or, even worse, forcibly taken over from their nefarious owners and redirected at new targets. We know these things occur regularly, so it would be naive not to expect that government organizations or nation states around the globe have involved themselves in acquiring botnet capability for offensive and counter-offensive needs [11].

As cyber threats grow exponentially with new forms of attack vectors, security professionals need to be on guard and think outside the box in order not only to detect potential attacks but also to thwart them. It can also be noted that time-tested strategies such as defence in depth, layering of technologies, etc. would not be sufficient to prevent this threat; on the contrary, these may in fact give the potential perpetrator more attack vectors through which to perpetrate the crime. The best approach, I feel, is an easy one: just to ensure that our own curiosity doesn't take us to places where our computer would rather not go. Otherwise we may be the very reason botnets are able to grow at such an alarming rate.



1. Google, retrieved 2013, March 9 from

2. SANS, retrieved 2013, March 9 from malicious/bots-botnet-overview_1299

3. Retrieved 2013, March 9 from

4. Retrieved 2013, March 9 from

5. The Hacker News, retrieved 2013, March 11 from

6. Retrieved 2013, March 10 from

7. The Hacker News, retrieved 2013, March 11 from

8. McAfee, retrieved 2013, March 11 from

9. McAfee, retrieved 2013, March 11 from

10. The Hacker News, retrieved 2013, March 11 from

11. McAfee, retrieved 2013, March 11 from

Kumar is on the Board of Directors of the ISACA Sri Lanka Chapter, serving as Marketing Director. He works as an Information Systems Auditor at SJMS Associates, an esteemed firm of Chartered Accountants and an independent correspondent firm of Deloitte Touche Tohmatsu.