The Art of Cyberwarfare: An Investigator’s Guide to Espionage, Ransomware, and Organized Cybercrime

Length: 241 pages
Edition: 1
Language: English
Publisher: No Starch Press
Publication Date: 2022-04-26
ISBN-10: 1718502141
ISBN-13: 9781718502147
Sales Rank: #920847 (See Top 100 Books)

A practical guide to understanding and analyzing cyber attacks by advanced attackers, such as nation states.

Cyber attacks are no longer the domain of petty criminals. Today, companies find themselves targeted by sophisticated nation state attackers armed with the resources to craft scarily effective campaigns. This book is a detailed guide to understanding the major players in these cyber wars, the techniques they use, and the process of analyzing their advanced attacks. Whether you’re an individual researcher or part of a team within a Security Operations Center (SoC), you’ll learn to approach, track, and attribute attacks to these advanced actors.

The first part of the book is an overview of actual cyber attacks conducted by nation-state actors and other advanced organizations. It explores the geopolitical context in which the attacks took place, the patterns found in the attackers’ techniques, and the supporting evidence analysts used to attribute such attacks. Dive into the mechanisms of:

North Korea’s series of cyber attacks against financial institutions, which resulted in billions of dollars stolen
The world of targeted ransomware attacks, which have leveraged nation state tactics to cripple entire corporate enterprises with ransomware
Recent cyber attacks aimed at disrupting or influencing national elections globally

The book’s second part walks through how defenders can track and attribute future attacks. You’ll be provided with the tools, methods, and analytical guidance required to dissect and research each stage of an attack campaign. Here, Jon DiMaggio demonstrates some of the real techniques he has employed to uncover crucial information about the 2021 Colonial Pipeline attacks, among many other advanced threats. He now offers his experience to train the next generation of expert analysts.

Title Page
Copyright
About the Author
ACKNOWLEDGMENTS
Introduction
    Who Should Read This Book?
    How This Book Is Organized
Part I: An Advanced Cyber-Threat Landscape
    Chapter 1: Nation-State Attacks
        China
            Titan Rain
            Hidden Lynx Espionage Campaigns
            Mandiant’s APT1 Report
            The U.S. and China Cease-Fire of 2015 
        Russia 
            Moonlight Maze
            The Estonia Conflict
            The Georgia Conflict
            Buckshot Yankee
            Red October
        Iran 
            The Early Years
            The 2011 Gmail Breach
            Shamoon
        United States
            Crypto AG
            Stuxnet
            Equation Group
            Regin
        North Korea
            Unit 121
            Cyberattacks
        Conclusion
    Chapter 2: State-Sponsored Financial Attacks
        Distributed DoS Attacks Against Financial Institutions
            The Dozer Attack
            Ten Days of Rain
            IRGC Targets U.S. Banks (2011–2013)
            DarkSeoul
            Russian Attacks Against Ukraine
        Billion-Dollar Robberies
            SWIFT Attacks
            The North Korea Financial Theft Model 
            Bank of Bangladesh Response
            FASTCash: A Global ATM Robbery
        Odinaff: How Cybercriminals Learn from Nation-States 
        Conclusion
    Chapter 3: Human-Driven Ransomware
        GoGalocker
        SamSam
        Ryuk 
        MegaCortex
        EvilCorp
            BitPaymer
            Indictment
            WastedLocker
        Linking These Ransomware Attacks
        Ransomware as a Service
        The DarkSide Gas Pipeline Attack
        Defensive Measures
        Conclusion
    Chapter 4: Election Hacking
        The 2014 Ukraine Presidential Election
        The Ukrainian Election Attack Model 
            Fake Personas
            Propaganda Campaign
            DDoS and Data Theft
            Manipulation and Public Release of Stolen Political Data
            Malware and Fraudulent Election Data 
        The 2016 U.S. Presidential Election
        The 2017 French Presidential Election
        Conclusion
Part II: Hunting and Analyzing Advanced Cyber Threats 
    Chapter 5: Adversaries and Attribution
        Threat Group Classification
            Hacktivism
            Cybercrime
            Cyber Espionage
            Unknown
        Attribution
            Attribution Confidence
            The Attribution Process
            Identifying Tactics, Techniques, and Procedures
            Conducting Time-Zone Analysis
        Attribution Mistakes
            Don’t Identify Attacker Infrastructure Based on DDNS
            Don’t Assume Domains Hosted on the Same IP Address Belong to the Same Attacker
            Don’t Use Domains Registered by Brokers in Attribution
            Don’t Attribute Based on Publicly Available Hacktools
        Attribution Tips
        Building Threat Profiles
        Conclusion
    Chapter 6: Malware Distribution and Communication
        Detecting Spear Phishing 
            Basic Address Information
            The X-Mailer Field
            The Message-ID
            Other Useful Fields
        Analyzing Malicious or Compromised Sites
        Detecting Covert Communications
            Shamoon’s Alternative Data Stream (ADS) Abuse 
            Bachosens’s Protocol Misuse 
        Analyzing Malware Code Reuse
            WannaCry
            The Elderwood Zero-Day Distribution Framework
        Conclusion
    Chapter 7: Open Source Threat Hunting
        Using OSINT Tools 
            Protecting Yourself with OPSEC
            Legal Concerns
        Infrastructure Enumeration Tools
            Farsight DNSDB 
            PassiveTotal
            DomainTools
            Whoisology
            DNSmap
        Malware Analysis Tools
            VirusTotal
            Hybrid Analysis
            Joe Sandbox
            Hatching Triage
            Cuckoo Sandbox
        Search Engines
            Crafting Queries
            Searching for Code Samples on NerdyData
        TweetDeck
        Browsing the Dark Web
        VPN Software
        Investigation Tracking
            ThreatNote
            MISP
            Analyst1 
            DEVONthink
        Analyzing Network Communications with Wireshark
        Using Recon Frameworks
            Recon-ng
            TheHarvester
            SpiderFoot
            Maltego
        Conclusion
    Chapter 8: Analyzing a Real-World Threat
        The Background
        Email Analysis
            Header Analysis
            Email Body Analysis
            OSINT Research
        Lure Document Analysis
            Identifying the Command-and-Control Infrastructure
            Identifying Any Altered Files
        Analysis of Dropped Files
            Analysis of dw20.t 
            Analysis of netidt.dll 
            Signature Detection Clues
        Infrastructure Research
            Finding Additional Domains
            Passive DNS
        Visualizing Indicators of Compromise Relationships
        Findings
        Creating a Threat Profile
        Conclusion
Appendix A: Threat Profile Questions
Appendix B: Threat Profile Template Example
Endnotes
Index

To access the Link, solve the captcha.

How to download source code?

1. Go to: https://nostarch.com/

2. Search the book title: The Art of Cyberwarfare: An Investigator’s Guide to Espionage, Ransomware, and Organized Cybercrime, sometime you may not get the results, please search the main title