book

The Art of Cyberwarfare

Name: The Art of Cyberwarfare
Author: Jon DiMaggio
ISBN: 9781718502147

by Jon DiMaggio

April 2022

Intermediate to advanced

241 pages

8h 22m

English

No Starch Press

Read now

Unlock full access

Title Page
Copyright
About the Author
ACKNOWLEDGMENTS
Introduction
Who Should Read This Book?How This Book Is Organized
Part I: An Advanced Cyber-Threat Landscape
Chapter 1: Nation-State Attacks
ChinaTitan RainHidden Lynx Espionage CampaignsMandiant’s APT1 ReportThe U.S. and China Cease-Fire of 2015 Russia Moonlight MazeThe Estonia ConflictThe Georgia ConflictBuckshot YankeeRed OctoberIran The Early YearsThe 2011 Gmail BreachShamoonUnited StatesCrypto AGStuxnetEquation GroupReginNorth KoreaUnit 121CyberattacksConclusion
Chapter 2: State-Sponsored Financial Attacks
Distributed DoS Attacks Against Financial InstitutionsThe Dozer AttackTen Days of RainIRGC Targets U.S. Banks (2011–2013)DarkSeoulRussian Attacks Against UkraineBillion-Dollar RobberiesSWIFT AttacksThe North Korea Financial Theft Model Bank of Bangladesh ResponseFASTCash: A Global ATM RobberyOdinaff: How Cybercriminals Learn from Nation-States Conclusion
Chapter 3: Human-Driven Ransomware
GoGalockerSamSamRyuk MegaCortexEvilCorpBitPaymerIndictmentWastedLockerLinking These Ransomware AttacksRansomware as a ServiceThe DarkSide Gas Pipeline AttackDefensive MeasuresConclusion
Chapter 4: Election Hacking
The 2014 Ukraine Presidential ElectionThe Ukrainian Election Attack Model Fake PersonasPropaganda CampaignDDoS and Data TheftManipulation and Public Release of Stolen Political DataMalware and Fraudulent Election Data The 2016 U.S. Presidential ElectionThe 2017 French Presidential ElectionConclusion

Part II: Hunting and Analyzing Advanced Cyber Threats
Chapter 5: Adversaries and Attribution
Threat Group ClassificationHacktivismCybercrimeCyber EspionageUnknownAttributionAttribution ConfidenceThe Attribution ProcessIdentifying Tactics, Techniques, and ProceduresConducting Time-Zone AnalysisAttribution MistakesDon’t Identify Attacker Infrastructure Based on DDNSDon’t Assume Domains Hosted on the Same IP Address Belong to the Same AttackerDon’t Use Domains Registered by Brokers in AttributionDon’t Attribute Based on Publicly Available HacktoolsAttribution TipsBuilding Threat ProfilesConclusion
Chapter 6: Malware Distribution and Communication
Detecting Spear Phishing Basic Address InformationThe X-Mailer FieldThe Message-IDOther Useful FieldsAnalyzing Malicious or Compromised SitesDetecting Covert CommunicationsShamoon’s Alternative Data Stream (ADS) Abuse Bachosens’s Protocol Misuse Analyzing Malware Code ReuseWannaCryThe Elderwood Zero-Day Distribution FrameworkConclusion
Chapter 7: Open Source Threat Hunting
Using OSINT Tools Protecting Yourself with OPSECLegal ConcernsInfrastructure Enumeration ToolsFarsight DNSDB PassiveTotalDomainToolsWhoisologyDNSmapMalware Analysis ToolsVirusTotalHybrid AnalysisJoe SandboxHatching TriageCuckoo SandboxSearch EnginesCrafting QueriesSearching for Code Samples on NerdyDataTweetDeckBrowsing the Dark WebVPN SoftwareInvestigation TrackingThreatNoteMISPAnalyst1 DEVONthinkAnalyzing Network Communications with WiresharkUsing Recon FrameworksRecon-ngTheHarvesterSpiderFootMaltegoConclusion
Chapter 8: Analyzing a Real-World Threat
The BackgroundEmail AnalysisHeader AnalysisEmail Body AnalysisOSINT ResearchLure Document AnalysisIdentifying the Command-and-Control InfrastructureIdentifying Any Altered FilesAnalysis of Dropped FilesAnalysis of dw20.t Analysis of netidt.dll Signature Detection CluesInfrastructure ResearchFinding Additional DomainsPassive DNSVisualizing Indicators of Compromise RelationshipsFindingsCreating a Threat ProfileConclusion
Appendix A: Threat Profile Questions
Appendix B: Threat Profile Template Example
Endnotes
Index

Overview

Cyber attacks are no longer the domain of petty criminals. Today, companies find themselves targeted by sophisticated nation state attackers armed with the resources to craft scarily effective campaigns. This book is a detailed guide to understanding the major players in these cyber wars, the techniques they use, and the process of analyzing their advanced attacks. Whether you’re an individual researcher or part of a team within a Security Operations Center (SoC), you’ll learn to approach, track, and attribute attacks to these advanced actors.

The first part of the book is an overview of actual cyber attacks conducted by nation-state actors and other advanced organizations. It explores the geopolitical context in which the attacks took place, the patterns found in the attackers’ techniques, and the supporting evidence analysts used to attribute such attacks. Dive into the mechanisms of:

•North Korea’s series of cyber attacks against financial institutions, which resulted in billions of dollars stolen
•The world of targeted ransomware attacks, which have leveraged nation state tactics to cripple entire corporate enterprises with ransomware
•Recent cyber attacks aimed at disrupting or influencing national elections globally

The book’s second part walks through how defenders can track and attribute future attacks. You’ll be provided with the tools, methods, and analytical guidance required to dissect and research each stage of an attack campaign. Here, Jon DiMaggio demonstrates some of the real techniques he has employed to uncover crucial information about the 2021 Colonial Pipeline attacks, among many other advanced threats. He now offers his experience to train the next generation of expert analysts.

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

Publisher Resources

ISBN: 9781098130190

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design

Business

Soft Skills