Preventing Digital Extortion

Book Description

Learn the art of preventing digital extortion and securing confidential data

About This Book

  • Get acquainted with multiple cyber extortion attacks and techniques to mitigate them
  • Learn how DDoS attacks, cryptoviruses, and other cyber extortion techniques can be used against your computers, smartphones, servers, and cloud services
  • A concise, fast-paced guide that develops your skills in protecting confidential data by leveraging widely used tools

Who This Book Is For

This book targets IT security managers, IT security engineers, security analysts, and professionals who are eager to avoid digital extortion for themselves or their organizations. They may have heard of such attacks but are not aware of their various types, techniques, and business impact.

What You Will Learn

  • Delve into the various types, stages, and economics of digital extortion
  • Understand the science behind different attacks
  • Understand the gravity and mechanics of ransomware, and learn to prevent and mitigate data breaches and financial losses
  • Use effective tools to defend against ransomware
  • Analyze attacks, the money flow, and cyber insurance processes
  • Learn the art of preventing digital extortion and securing confidential data
  • Get an idea of the future of extortion tactics and how technological advances will affect their development

In Detail

New cyber threats emerge every day, affecting organizations across the board and targeting the entire spectrum of the Internet. Digital (or cyber) extortion has so far proved the most serious of these threats, because it profits directly from criminal activity in the manner of blackmail. Such extortion has risen sharply in the digital age and has become a huge illegal money-making business, affecting users and organizations from small businesses to large enterprises.

This book is a detailed study of the ways and means employed by cyber criminals to target various devices, and of the multiple dangers such malicious activity poses.

It opens with an overview of the methods used to compromise computers, smartphones, servers, and IoT devices for cyber extortion, then moves on to specific subjects in more detail, covering attacks such as DDoS-based extortion, cryptoviruses, and ransomware. You will learn how to prevent such attacks and how to recover if you are compromised. The book will help you secure your data and keep your organization from paying a hefty ransom.

Style and approach

This step-by-step guide starts with the fundamentals of digital (or cyber) extortion and the various techniques attackers use to demand a ransom from an organization. It then covers the types of ransomware and how they infect computers, mobile devices, cloud services, servers, and IoT devices. Finally, it explains how to counter such attacks by leveraging various open source and commercial tools.

Downloading the example code for this book: you can download the example code files for all Packt books you have purchased from your account at http://www.PacktPub.com. If you purchased this book elsewhere, you can visit http://www.PacktPub.com/support and register to obtain the code files.

Table of Contents

  1. Preface
    1. What this book covers
    2. What you need for this book
    3. Who this book is for
    4. Conventions
    5. Reader feedback
    6. Customer support
      1. Errata
      2. Piracy
      3. Questions
  2. Introduction to Cyber Extortion
    1. Cybercrime - underdefined and underregulated
      1. The concept of cybercrime
      2. Critical attributes of cybercrime
        1. Where and how - realm
        2. Why - motivation
        3. Who - the criminal deed component
      3. Types of common cyber threats
        1. Cybercrime targeting consumers
        2. Cybercrime targeting businesses
        3. Cybercrime in relation to overall computer crime
      4. Cybercrime localized - what is the risk in your region?
        1. North and South America
        2. Europe
        3. Asia
        4. Africa
        5. Australia and Oceania
      5. Cybercrime in numbers
        1. A peculiar perspective - cybercrime in absolute and normalized numbers
    2. Digital extortion
      1. The odd beginnings of digital extortion
      2. Extortion-based malware
      3. Types of digital extortion
        1. Distributed denial of service (DDoS) attacks
          1. Taxonomy of DDoS attacks
          2. Typical DDoS attacks
          3. DRDoS attacks
          4. Notable DDoS attacks
        2. Data theft extortion
          1. Preventing data theft extortion
        3. Mobile extortion
          1. Android
          2. iOS
        4. Sextortion
          1. Sextortion techniques
        5. Bug poaching
        6. Corporate extortion
    3. Ransomware
      1. Ransomware - crypto
      2. Ransomware - locker
      3. Ransomware propagation techniques
        1. Traffic redirection
        2. E-mail attachments
        3. Botnets
        4. Social engineering
        5. Ransomware-as-a-Service (RaaS)
      4. Evolution of ransomware
        1. Statistics of ransomware evolution - misleading applications give way to cryptoware
          1. SpySheriff
          2. Gpcoder
          3. Cryzip
          4. Archiveus
          5. Randsom.C
          6. SMS ransomware
          7. MBR ransomware
        2. The rise of ransomware
        3. Police ransomware - Reveton
        4. Patched malware
        5. Reemergence of crypto-ransomware
          1. CryptoLocker
          2. TROJ_UPATRE
          3. WORM_CRILOCK.A
          4. Cryptorbit
          5. Cryptocurrency theft
          6. The Angler exploit kit
      5. Ransomware in 2016 and beyond
        1. Locky
        2. Petya
        3. Cerber
        4. Samsam
        5. Jigsaw
      6. Is ransomware financially viable?
        1. Dynamic pricing of ransomware
          1. Across countries
          2. Across targeted victims
          3. History of payment methods
          4. Bitcoin - the ideal ransom method
      7. Industries and services affected - is your company under threat?
        1. Top targeted industries
          1. Healthcare
          2. Manufacturing
          3. Financial services
          4. Government agencies
          5. Transportation
        2. Ransomware statistics - malware variants and affected devices
          1. Total malware
          2. Mobile malware
          3. Rootkit malware
          4. The macOS malware
          5. Ransomware
          6. Malicious signed binaries
          7. Macro malware
          8. Worldwide botnet prevalence
          9. Network attacks
    4. Summary
  3. DDoS Extortion
    1. DDoS extortion - ransomware's older cousin
      1. Specific sectors at risk
      2. Why is it hard to defend against these attacks?
    2. The science behind DDoS attacks
      1. Evolution of DDoS attacks types
      2. Inside DDoS attacks
        1. Bandwidth attacks
          1. DNS attacks
          2. Application attacks
          3. HTTP attacks
          4. Low bandwidth HTTP denial of service attacks
      3. Attack tools
        1. The botnet as a DDoS tool
      4. Attack groups
        1. The Armada Collective
        2. Lizard Squad
        3. DD4BC
        4. Imposters
          1. Kadyrovtsy
          2. RedDoor
          3. ezBTC Squad
    3. Defense techniques
      1. Tools to protect against DDoS attacks
      2. Mitigation techniques
        1. For bandwidth exhaustion attacks
        2. For resource exhaustion
        3. For application-based attacks
      3. Leading practices for enterprises
    4. Future trends
    5. Summary
  4. Avoiding Data Theft Extortion
    1. Data theft
      1. The enterprise view
      2. Extortion e-mail schemes tied to data theft
      3. Method of breach
      4. Hacking or malware are the prime go-to breach methods
    2. Account thefts - accounts for sale
      1. Mobile phone, eBay, Uber, and PayPal accounts for sale
      2. Bank login credentials for sale
      3. Credit card sales are brand agnostic
      4. PII prices fall due to oversupply
      5. The perceived and actual monetary values
    3. Defending against data and account theft extortion
      1. Enterprise security measures
    4. Business E-mail Compromise (BEC)
      1. The fraudsters at your gates
      2. How impersonators fake you out
      3. The statistics behind Business E-mail Compromise (BEC)
    5. How do BEC schemes work?
      1. Fraudsters' approach to e-mail
        1. The apt one shot e-mail
        2. The conversationalist
      2. Which company positions are most targeted in BEC schemes
    6. How to defend against BEC?
      1. Fighting against these types of scams
      2. What to do when hit by the BEC scam
    7. Summary
  5. Mitigating Locker Ransomware
    1. Why is lockerware a major field player?
      1. Screen locking command process
      2. The convenience of payment vouchers
    2. Reveton - when the police lock your screen
      1. From delivery to execution
        1. Lockerware delivery
        2. Payload carriers
        3. Infection spreading
        4. Lockerware execution
        5. Desktop locking techniques
    3. Stages of lockerware development in action
      1. Infrastructure preparation
      2. Exploit kits
      3. Traffic redirection
      4. Spreading the infection
      5. How to cash out - money laundering techniques
    4. The advancement of locker ransomware - Winlock
      1. Reveton takes over the world
      2. Modern variants of police ransomware
      3. Reveton strikes against OS X
      4. Android.Lockscreen
        1. ANDROIDOS_LOCKER.A - a new name with the same tactics
    5. Best practices for mitigating Lockerware
      1. Science verdict - three advanced malware mitigation strategies
        1. API call monitoring
        2. Monitoring filesystem activity
        3. Installing decoy resources
      2. Mitigating lockerware - a comprehensive action review
      3. Response plan development
      4. Security awareness and education
      5. Patching
      6. Robust monitoring
      7. Restrictions to unnecessary services
        1. Disabling services
        2. Restricting software
        3. Blocking IP addresses
        4. Removing unused devices
      8. File exchange management
      9. Discerning effects of e-mail security
      10. Software updates
      11. Data backup
        1. Cloud storage and security solutions
        2. File history or system protection recovery
        3. Mitigation by deception technology
      12. Quick five-step guide for businesses under attack
    6. Summary
  6. Crypto Ransomware Prevention Techniques
    1. Crypto ransomware
      1. Crypto ransomware - scenarios and variants
        1. CryptoLocker
        2. Locky
        3. TeslaCrypt
        4. CryptoWall
        5. CTBLocker
    2. Ransomware's targets
      1. Businesses of all sizes
        1. The healthcare sector
        2. Public agencies - educational institutions and law enforcement agencies
        3. Financial institutions
        4. Home users
          1. Stages of ransomware
      2. Initial infection and exploitation
        1. War driving
          1. E-mail attachments
          2. Drive-by downloads
          3. Phishing campaigns
        2. Targeted attacks
          1. Command and Control (C2)
      3. Encryption/locking - delivery and execution
        1. File encryption
        2. Ransomware encrypting files
          1. Public key download
          2. Embedded public key
          3. Embedded keys
        3. Ransomware locking screens
        4. Windows and mobile locker ransomware
      4. Holding hostage
      5. Propagation
    3. Defense in depth
      1. Defining a security architecture
        1. Need for a security architecture
        2. Following the principle of least privilege
      2. Perimeter defense controls
        1. Endpoint protection
        2. Firewalls
          1. Firewall classification
          2. Key requirements
        3. Intrusion Prevention System (IPS)
          1. Key requirements
        4. Key network security controls
      3. Vulnerability assessments
        1. Configuration management
      4. Patch management
        1. Vulnerability remediation management
        2. Assessing ports, services, and protocols
        3. Secure software installation
      5. Specific measures
    4. Summary
  7. Exploring Mobile Extortions
    1. Mobile malware - an increasing security risk
    2. Mobile ransomware
      1. Common infection vectors
      2. Malware Command and Control communication
      3. Malware self-protection
      4. Analysis of mobile malware sample - SMS Zombie
        1. Analysis observations
        2. Static analysis
    3. Ransomware timeline
      1. Android Defender
      2. Police ransomware
      3. Simplocker
        1. Simplocker distribution vectors
        2. Simplocker in English
      4. Lockerpin
        1. Lockerpin's aggressive self-defense
      5. Jisut
    4. Protecting your mobile phone
    5. Future predictions
    6. Summary
  8. Follow the Money
    1. Cryptocurrency
      1. Blockchain
        1. How does a blockchain transaction work
        2. Common misconceptions about blockchain technology
      2. Bitcoins
        1. Quick facts about Bitcoin
        2. Currency denomination
          1. Samples of transactions and blocks
        3. Protocol weakness
        4. Security concerns
        5. Economics of Bitcoin
        6. Bitcoin - myth busters
    2. Why is it so difficult to catch attackers?
    3. Ransomware as a Service
      1. Dissecting RaaS with Cerber
      2. Tracing the flow of money
    4. Summary
  9. Held Hostage – What Now?
    1. To pay or not to pay
      1. Hollywood Presbyterian Medical Center - impact-based scenario
    2. Analyzing and responding
      1. Preference 1 - situation being controlled by the Incident Response (IR) team
      2. Preference 2 - implementing a security solution (without an Information Security team)
      3. Preference 3 - trying to recover the data
      4. Preference 4 - paying the ransom
    3. Cyber insurance review
      1. Cyber threat landscape and the impact of cyber risk
      2. The growing need for cyber insurance
      3. Cyber insurance coverage
      4. Maturation of the cyber insurance market
      5. Typical coverage provided by cyber insurance
      6. Typical cyber insurance underwriting process
        1. Considerations while selecting cyber insurance
      7. Cyber insurance focused risk assessment
        1. Performing current state cyber risk assessment
        2. Assessing cyber insurance options
        3. Conducting fit-gap analysis
        4. Developing strategy and recommendations
    4. The moral dilemma of malware
      1. Using endpoint protection solutions
      2. Hardening systems
        1. Ports, services, and protocols
        2. Secure software installation
        3. Handling information assets and private information
        4. Protection from spamming and phishing
        5. Protection from social engineering
      3. Backup
        1. Why do we need backups?
        2. What is a recovery?
    5. Summary
  10. Extortion of the Future
    1. What does the future hold for ransomware?
    2. Focus on operational security
    3. Ransomware everywhere
      1. Malware on your wrist
      2. Malware on wearables
    4. Internet of Things (IoT) meets malware and extortion
      1. Internet of Things (IoT)
      2. Assessing embedded and IoT devices
      3. The common security observation
    5. Transforming the business model
    6. Summary