
Art of Cyberwarfare: An Investigator's Guide to Espionage, Ransomware, and Organized Cybercrime [Paperback]

  • Format: Paperback / softback, 272 pages, height x width: 234x177 mm
  • Publication date: 26-Apr-2022
  • Publisher: No Starch Press, US
  • ISBN-10: 1718502141
  • ISBN-13: 9781718502147
A practical guide to understanding and analyzing cyber attacks by advanced attackers, such as nation states.

"This book is a guide to understanding the players in today's cyber wars, the techniques they use, and the process of analyzing their attacks. It provides an overview of actual cyber attacks conducted by nation-state actors and other advanced organizations and informs how defenders can track and attribute future attacks."


Cyber attacks are no longer the domain of petty criminals. Today, companies find themselves targeted by sophisticated nation-state attackers armed with the resources to craft scarily effective campaigns. This book is a detailed guide to understanding the major players in these cyber wars, the techniques they use, and the process of analyzing their advanced attacks. Whether you're an individual researcher or part of a team within a Security Operations Center (SOC), you'll learn to approach, track, and attribute attacks to these advanced actors.

The first part of the book is an overview of actual cyber attacks conducted by nation-state actors and other advanced organizations. It explores the geopolitical context in which the attacks took place, the patterns found in the attackers’ techniques, and the supporting evidence analysts used to attribute such attacks. Dive into the mechanisms of:

  • North Korea's series of cyber attacks against financial institutions, which resulted in billions of dollars stolen
  • The world of targeted ransomware attacks, which have leveraged nation-state tactics to cripple entire corporate enterprises with ransomware
  • Recent cyber attacks aimed at disrupting or influencing national elections globally


The book's second part walks through how defenders can track and attribute future attacks. You'll be provided with the tools, methods, and analytical guidance required to dissect and research each stage of an attack campaign. Here, Jon DiMaggio demonstrates some of the real techniques he has employed to uncover crucial information about the 2021 Colonial Pipeline attack, among many other advanced threats. He now offers his experience to train the next generation of expert analysts.

Reviews

"Encompasses useful knowledge from the past and modern advanced threats seen today. Regardless of your expertise level, this book is an insightful read . . ." Brittany Day, Director of Communications, Guardian Digital

"For those looking for a guide to help them understand the new world of cyberwar, The Art of Cyberwarfare provides readers with a good overview of this expanding threat and what they can do to avoid being victims." Ben Rothke, Senior Information Security Manager, Tapad

"An informative and explanatory guide for cybersecurity experts and an enlightening read for novices. DiMaggio effectively details both the history of cybercrime and how it is seen today." Justice Levine, Communications Manager and Cloud Email Security Expert, Guardian Digital

"This book deserves to find a place on the shelf of everyone whose role involves protecting networks." Ian Barker, BetaNews

"A cross between an IBM presentation . . . and a Tom Clancy novel!" The Shepherdess, Amazon Reviewer

Contents

Acknowledgments
Introduction
  • Who Should Read This Book?
  • How This Book Is Organized

Part I: An Advanced Cyber-Threat Landscape

Chapter 1: Nation-State Attacks
  • China
  • Titan Rain
  • Hidden Lynx Espionage Campaigns
  • Mandiant's APT1 Report
  • The U.S. and China Cease-Fire of 2015
  • Russia
  • Moonlight Maze
  • The Estonia Conflict
  • The Georgia Conflict
  • Buckshot Yankee
  • Red October
  • Iran
  • The Early Years
  • The 2011 Gmail Breach
  • Shamoon
  • United States
  • Crypto AG
  • Stuxnet
  • Equation Group
  • Regin
  • North Korea
  • Unit 121
  • Cyberattacks
  • Conclusion

Chapter 2: State-Sponsored Financial Attacks
  • Distributed DoS Attacks Against Financial Institutions
  • The Dozer Attack
  • Ten Days of Rain
  • IRGC Targets U.S. Banks (2011-2013)
  • Dark Seoul
  • Russian Attacks Against Ukraine
  • Billion-Dollar Robberies
  • SWIFT Attacks
  • The North Korea Financial Theft Model
  • Bank of Bangladesh Response
  • FASTCash: A Global ATM Robbery
  • Odinaff: How Cybercriminals Learn from Nation-States
  • Conclusion

Chapter 3: Human-Driven Ransomware
  • GoGalocker
  • SamSam
  • Ryuk
  • MegaCortex
  • EvilCorp
  • BitPaymer
  • Indictment
  • WastedLocker
  • Linking These Ransomware Attacks
  • Ransomware as a Service
  • The DarkSide Gas Pipeline Attack
  • Defensive Measures
  • Conclusion

Chapter 4: Election Hacking
  • The 2014 Ukraine Presidential Election
  • The Ukrainian Election Attack Model
  • Fake Personas
  • Propaganda Campaign
  • DDoS and Data Theft
  • Manipulation and Public Release of Stolen Political Data
  • Malware and Fraudulent Election Data
  • The 2016 U.S. Presidential Election
  • The 2017 French Presidential Election
  • Conclusion

Part II: Hunting and Analyzing Advanced Cyber Threats

Chapter 5: Adversaries and Attribution
  • Threat Group Classification
  • Hacktivism
  • Cybercrime
  • Cyber Espionage
  • Unknown
  • Attribution
  • Attribution Confidence
  • The Attribution Process
  • Identifying Tactics, Techniques, and Procedures
  • Conducting Time-Zone Analysis
  • Attribution Mistakes
  • Don't Identify Attacker Infrastructure Based on DDNS
  • Don't Assume Domains Hosted on the Same IP Address Belong to the Same Attacker
  • Don't Use Domains Registered by Brokers in Attribution
  • Don't Attribute Based on Publicly Available Hacktools
  • Attribution Tips
  • Building Threat Profiles
  • Conclusion

Chapter 6: Malware Distribution and Communication
  • Detecting Spear Phishing
  • Basic Address Information
  • The X-Mailer Field
  • The Message-ID
  • Other Useful Fields
  • Analyzing Malicious or Compromised Sites
  • Detecting Covert Communications
  • Shamoon's Alternative Data Stream (ADS) Abuse
  • Bachosens's Protocol Misuse
  • Analyzing Malware Code Reuse
  • WannaCry
  • The Elderwood Zero-Day Distribution Framework
  • Conclusion

Chapter 7: Open Source Threat Hunting
  • Using OSINT Tools
  • Protecting Yourself with OPSEC
  • Legal Concerns
  • Infrastructure Enumeration Tools
  • Farsight DNSDB
  • PassiveTotal
  • DomainTools
  • Whoisology
  • DNSmap
  • Malware Analysis Tools
  • VirusTotal
  • Hybrid Analysis
  • Joe Sandbox
  • Hatching Triage
  • Cuckoo Sandbox
  • Search Engines
  • Crafting Queries
  • Searching for Code Samples on NerdyData
  • TweetDeck
  • Browsing the Dark Web
  • VPN Software
  • Investigation Tracking
  • ThreatNote
  • MISP
  • Analyst1
  • DEVONthink
  • Analyzing Network Communications with Wireshark
  • Using Recon Frameworks
  • Recon-ng
  • theHarvester
  • SpiderFoot
  • Maltego
  • Conclusion

Chapter 8: Analyzing a Real-World Threat
  • The Background
  • Email Analysis
  • Header Analysis
  • Email Body Analysis
  • OSINT Research
  • Lure Document Analysis
  • Identifying the Command-and-Control Infrastructure
  • Identifying Any Altered Files
  • Analysis of Dropped Files
  • Analysis of dw20.t
  • Analysis of netidt.dll
  • Signature Detection Clues
  • Infrastructure Research
  • Finding Additional Domains
  • Passive DNS
  • Visualizing Indicators of Compromise Relationships
  • Findings
  • Creating a Threat Profile
  • Conclusion

Appendix A: Threat Profile Questions
Appendix B: Threat Profile Template Example
Endnotes
Index

About the Author
Jon DiMaggio is a seasoned cybersecurity expert specializing in hunting, researching, and writing about advanced cyber threats. His career began in the intelligence community as a Signals Intelligence (SIGINT) analyst supporting government agencies. He has developed extensive expertise in enterprise ransomware attacks and nation-state intrusions, particularly through conducting human intelligence (HUMINT) operations to infiltrate ransomware gangs. In 2024, his research series The Ransomware Diaries delivered crucial insights that helped law enforcement disrupt the LockBit ransomware operation.

Jon is a two-time recipient of the SANS Difference Makers Award (2022, 2023), and his research has appeared in leading media outlets including the New York Times, Wired, Bloomberg, Fox, CNN, and Reuters. In 2024, he appeared on CBS's 60 Minutes to discuss his experiences infiltrating ransomware operations. He frequently presents at major cybersecurity conferences including RSA and DEFCON.