The Art of Cyberwarfare: An Investigator’s Guide to Espionage, Ransomware, and Organized Cybercrime
- Length: 241 pages
- Edition: 1
- Language: English
- Publisher: No Starch Press
- Publication Date: 2022-04-26
- ISBN-10: 1718502141
- ISBN-13: 9781718502147
- Sales Rank: #920847 (See Top 100 Books)
A practical guide to understanding and analyzing cyber attacks by advanced attackers, such as nation states.
Cyber attacks are no longer the domain of petty criminals. Today, companies find themselves targeted by sophisticated nation state attackers armed with the resources to craft scarily effective campaigns. This book is a detailed guide to understanding the major players in these cyber wars, the techniques they use, and the process of analyzing their advanced attacks. Whether you’re an individual researcher or part of a team within a Security Operations Center (SoC), you’ll learn to approach, track, and attribute attacks to these advanced actors.
The first part of the book is an overview of actual cyber attacks conducted by nation-state actors and other advanced organizations. It explores the geopolitical context in which the attacks took place, the patterns found in the attackers’ techniques, and the supporting evidence analysts used to attribute such attacks. Dive into the mechanisms of:
- North Korea’s series of cyber attacks against financial institutions, which resulted in billions of dollars stolen
- The world of targeted ransomware attacks, which have leveraged nation state tactics to cripple entire corporate enterprises with ransomware
- Recent cyber attacks aimed at disrupting or influencing national elections globally
The book’s second part walks through how defenders can track and attribute future attacks. You’ll be provided with the tools, methods, and analytical guidance required to dissect and research each stage of an attack campaign. Here, Jon DiMaggio demonstrates some of the real techniques he has employed to uncover crucial information about the 2021 Colonial Pipeline attacks, among many other advanced threats. He now offers his experience to train the next generation of expert analysts.
Title Page
Copyright
About the Author
ACKNOWLEDGMENTS
Introduction
Who Should Read This Book?
How This Book Is Organized
Part I: An Advanced Cyber-Threat Landscape
Chapter 1: Nation-State Attacks
China
Titan Rain
Hidden Lynx Espionage Campaigns
Mandiant’s APT1 Report
The U.S. and China Cease-Fire of 2015
Russia
Moonlight Maze
The Estonia Conflict
The Georgia Conflict
Buckshot Yankee
Red October
Iran
The Early Years
The 2011 Gmail Breach
Shamoon
United States
Crypto AG
Stuxnet
Equation Group
Regin
North Korea
Unit 121
Cyberattacks
Conclusion
Chapter 2: State-Sponsored Financial Attacks
Distributed DoS Attacks Against Financial Institutions
The Dozer Attack
Ten Days of Rain
IRGC Targets U.S. Banks (2011–2013)
DarkSeoul
Russian Attacks Against Ukraine
Billion-Dollar Robberies
SWIFT Attacks
The North Korea Financial Theft Model
Bank of Bangladesh Response
FASTCash: A Global ATM Robbery
Odinaff: How Cybercriminals Learn from Nation-States
Conclusion
Chapter 3: Human-Driven Ransomware
GoGalocker
SamSam
Ryuk
MegaCortex
EvilCorp
BitPaymer
Indictment
WastedLocker
Linking These Ransomware Attacks
Ransomware as a Service
The DarkSide Gas Pipeline Attack
Defensive Measures
Conclusion
Chapter 4: Election Hacking
The 2014 Ukraine Presidential Election
The Ukrainian Election Attack Model
Fake Personas
Propaganda Campaign
DDoS and Data Theft
Manipulation and Public Release of Stolen Political Data
Malware and Fraudulent Election Data
The 2016 U.S. Presidential Election
The 2017 French Presidential Election
Conclusion
Part II: Hunting and Analyzing Advanced Cyber Threats
Chapter 5: Adversaries and Attribution
Threat Group Classification
Hacktivism
Cybercrime
Cyber Espionage
Unknown
Attribution
Attribution Confidence
The Attribution Process
Identifying Tactics, Techniques, and Procedures
Conducting Time-Zone Analysis
Attribution Mistakes
Don’t Identify Attacker Infrastructure Based on DDNS
Don’t Assume Domains Hosted on the Same IP Address Belong to the Same Attacker
Don’t Use Domains Registered by Brokers in Attribution
Don’t Attribute Based on Publicly Available Hacktools
Attribution Tips
Building Threat Profiles
Conclusion
Chapter 6: Malware Distribution and Communication
Detecting Spear Phishing
Basic Address Information
The X-Mailer Field
The Message-ID
Other Useful Fields
Analyzing Malicious or Compromised Sites
Detecting Covert Communications
Shamoon’s Alternative Data Stream (ADS) Abuse
Bachosens’s Protocol Misuse
Analyzing Malware Code Reuse
WannaCry
The Elderwood Zero-Day Distribution Framework
Conclusion
Chapter 7: Open Source Threat Hunting
Using OSINT Tools
Protecting Yourself with OPSEC
Legal Concerns
Infrastructure Enumeration Tools
Farsight DNSDB
PassiveTotal
DomainTools
Whoisology
DNSmap
Malware Analysis Tools
VirusTotal
Hybrid Analysis
Joe Sandbox
Hatching Triage
Cuckoo Sandbox
Search Engines
Crafting Queries
Searching for Code Samples on NerdyData
TweetDeck
Browsing the Dark Web
VPN Software
Investigation Tracking
ThreatNote
MISP
Analyst1
DEVONthink
Analyzing Network Communications with Wireshark
Using Recon Frameworks
Recon-ng
TheHarvester
SpiderFoot
Maltego
Conclusion
Chapter 8: Analyzing a Real-World Threat
The Background
Email Analysis
Header Analysis
Email Body Analysis
OSINT Research
Lure Document Analysis
Identifying the Command-and-Control Infrastructure
Identifying Any Altered Files
Analysis of Dropped Files
Analysis of dw20.t
Analysis of netidt.dll
Signature Detection Clues
Infrastructure Research
Finding Additional Domains
Passive DNS
Visualizing Indicators of Compromise Relationships
Findings
Creating a Threat Profile
Conclusion
Appendix A: Threat Profile Questions
Appendix B: Threat Profile Template Example
Endnotes
IndexDonate to keep this site alive
How to download source code?
1. Go to: https://nostarch.com/
2. Search the book title: The Art of Cyberwarfare: An Investigator’s Guide to Espionage, Ransomware, and Organized Cybercrime, sometime you may not get the results, please search the main title
3. Click the book title in the search results
3. Download the Source Code.
1. Disable the AdBlock plugin. Otherwise, you may not get any links.
2. Solve the CAPTCHA.
3. Click download link.
4. Lead to download server to download.
