The Art of Cyberwarfare: An Investigator’s Guide to Espionage, Ransomware, and Organized Cybercrime
A practical guide to understanding and analyzing cyber attacks by advanced attackers, such as nation states.
Cyber attacks are no longer the domain of petty criminals. Today, companies find themselves targeted by sophisticated nation state attackers armed with the resources to craft scarily effective campaigns. This book is a detailed guide to understanding the major players in these cyber wars, the techniques they use, and the process of analyzing their advanced attacks. Whether you’re an individual researcher or part of a team within a Security Operations Center (SOC), you’ll learn to approach, track, and attribute attacks to these advanced actors.
The first part of the book is an overview of actual cyber attacks conducted by nation-state actors and other advanced organizations. It explores the geopolitical context in which the attacks took place, the patterns found in the attackers’ techniques, and the supporting evidence analysts used to attribute such attacks. Dive into the mechanisms of:
- North Korea’s series of cyber attacks against financial institutions, which resulted in billions of dollars stolen
- The world of targeted ransomware attacks, which have leveraged nation state tactics to cripple entire corporate enterprises with ransomware
- Recent cyber attacks aimed at disrupting or influencing national elections globally
The book’s second part walks through how defenders can track and attribute future attacks. You’ll be provided with the tools, methods, and analytical guidance required to dissect and research each stage of an attack campaign. Here, Jon DiMaggio demonstrates some of the real techniques he has employed to uncover crucial information about the 2021 Colonial Pipeline attacks, among many other advanced threats. He now offers his experience to train the next generation of expert analysts.
Contents:
- Front matter: Title Page; Copyright; About the Author; Acknowledgments; Introduction (Who Should Read This Book?; How This Book Is Organized)
- Part I: An Advanced Cyber-Threat Landscape
- Chapter 1: Nation-State Attacks. China (Titan Rain; Hidden Lynx Espionage Campaigns; Mandiant’s APT1 Report; The U.S. and China Cease-Fire of 2015); Russia (Moonlight Maze; The Estonia Conflict; The Georgia Conflict; Buckshot Yankee; Red October); Iran (The Early Years; The 2011 Gmail Breach; Shamoon); United States (Crypto AG; Stuxnet; Equation Group; Regin); North Korea (Unit 121 Cyberattacks); Conclusion
- Chapter 2: State-Sponsored Financial Attacks. Distributed DoS Attacks Against Financial Institutions (The Dozer Attack; Ten Days of Rain; IRGC Targets U.S. Banks (2011–2013); DarkSeoul; Russian Attacks Against Ukraine); Billion-Dollar Robberies (SWIFT Attacks; The North Korea Financial Theft Model; Bank of Bangladesh Response; FASTCash: A Global ATM Robbery; Odinaff: How Cybercriminals Learn from Nation-States); Conclusion
- Chapter 3: Human-Driven Ransomware. GoGalocker; SamSam; Ryuk; MegaCortex; EvilCorp (BitPaymer; Indictment; WastedLocker); Linking These Ransomware Attacks; Ransomware as a Service; The DarkSide Gas Pipeline Attack; Defensive Measures; Conclusion
- Chapter 4: Election Hacking. The 2014 Ukraine Presidential Election; The Ukrainian Election Attack Model (Fake Personas; Propaganda Campaign; DDoS and Data Theft; Manipulation and Public Release of Stolen Political Data; Malware and Fraudulent Election Data); The 2016 U.S. Presidential Election; The 2017 French Presidential Election; Conclusion
- Part II: Hunting and Analyzing Advanced Cyber Threats
- Chapter 5: Adversaries and Attribution. Threat Group Classification (Hacktivism; Cybercrime; Cyber Espionage; Unknown Attribution); Attribution Confidence; The Attribution Process (Identifying Tactics, Techniques, and Procedures; Conducting Time-Zone Analysis); Attribution Mistakes (Don’t Identify Attacker Infrastructure Based on DDNS; Don’t Assume Domains Hosted on the Same IP Address Belong to the Same Attacker; Don’t Use Domains Registered by Brokers in Attribution; Don’t Attribute Based on Publicly Available Hacktools); Attribution Tips; Building Threat Profiles; Conclusion
- Chapter 6: Malware Distribution and Communication. Detecting Spear Phishing (Basic Address Information; The X-Mailer Field; The Message-ID; Other Useful Fields); Analyzing Malicious or Compromised Sites; Detecting Covert Communications (Shamoon’s Alternative Data Stream (ADS) Abuse; Bachosens’s Protocol Misuse); Analyzing Malware Code Reuse (WannaCry; The Elderwood Zero-Day Distribution Framework); Conclusion
- Chapter 7: Open Source Threat Hunting. Using OSINT Tools (Protecting Yourself with OPSEC; Legal Concerns); Infrastructure Enumeration Tools (Farsight DNSDB; PassiveTotal; DomainTools; Whoisology; DNSmap); Malware Analysis Tools (VirusTotal; Hybrid Analysis; Joe Sandbox; Hatching Triage; Cuckoo Sandbox); Search Engines (Crafting Queries; Searching for Code Samples on NerdyData); TweetDeck; Browsing the Dark Web (VPN Software); Investigation Tracking (ThreatNote; MISP; Analyst1; DEVONthink); Analyzing Network Communications with Wireshark; Using Recon Frameworks (Recon-ng; TheHarvester; SpiderFoot; Maltego); Conclusion
- Chapter 8: Analyzing a Real-World Threat. The Background; Email Analysis (Header Analysis; Email Body Analysis); OSINT Research; Lure Document Analysis (Identifying the Command-and-Control Infrastructure; Identifying Any Altered Files; Analysis of Dropped Files; Analysis of dw20.t; Analysis of netidt.dll; Signature Detection Clues); Infrastructure Research (Finding Additional Domains; Passive DNS; Visualizing Indicators of Compromise Relationships); Findings; Creating a Threat Profile; Conclusion
- Appendix A: Threat Profile Questions
- Appendix B: Threat Profile Template Example
- Endnotes; Index