The Art of Cyberwarfare

Book description

Cyber attacks are no longer the domain of petty criminals. Today, companies find themselves targeted by sophisticated nation-state attackers armed with the resources to craft scarily effective campaigns. This book is a detailed guide to understanding the major players in these cyber wars, the techniques they use, and the process of analyzing their advanced attacks. Whether you’re an individual researcher or part of a team within a Security Operations Center (SOC), you’ll learn to approach, track, and attribute attacks to these advanced actors.

The first part of the book is an overview of actual cyber attacks conducted by nation-state actors and other advanced organizations. It explores the geopolitical context in which the attacks took place, the patterns found in the attackers’ techniques, and the supporting evidence analysts used to attribute such attacks. Dive into the mechanisms of:

  • North Korea’s series of cyber attacks against financial institutions, which resulted in billions of dollars stolen
  • The world of targeted ransomware attacks, which have leveraged nation-state tactics to cripple entire corporate enterprises
  • Recent cyber attacks aimed at disrupting or influencing national elections globally

The book’s second part walks through how defenders can track and attribute future attacks. You’ll be provided with the tools, methods, and analytical guidance required to dissect and research each stage of an attack campaign. Here, Jon DiMaggio demonstrates some of the real techniques he has employed to uncover crucial information about the 2021 Colonial Pipeline attacks, among many other advanced threats. He now offers his experience to train the next generation of expert analysts.

Table of contents

  1. Title Page
  2. Copyright
  3. About the Author
  4. ACKNOWLEDGMENTS
  5. Introduction
    1. Who Should Read This Book?
    2. How This Book Is Organized
  6. Part I: An Advanced Cyber-Threat Landscape
    1. Chapter 1: Nation-State Attacks
      1. China
        1. Titan Rain
        2. Hidden Lynx Espionage Campaigns
        3. Mandiant’s APT1 Report
        4. The U.S. and China Cease-Fire of 2015
      2. Russia
        1. Moonlight Maze
        2. The Estonia Conflict
        3. The Georgia Conflict
        4. Buckshot Yankee
        5. Red October
      3. Iran
        1. The Early Years
        2. The 2011 Gmail Breach
        3. Shamoon
      4. United States
        1. Crypto AG
        2. Stuxnet
        3. Equation Group
        4. Regin
      5. North Korea
        1. Unit 121
        2. Cyberattacks
      6. Conclusion
    2. Chapter 2: State-Sponsored Financial Attacks
      1. Distributed DoS Attacks Against Financial Institutions
        1. The Dozer Attack
        2. Ten Days of Rain
        3. IRGC Targets U.S. Banks (2011–2013)
        4. DarkSeoul
        5. Russian Attacks Against Ukraine
      2. Billion-Dollar Robberies
        1. SWIFT Attacks
        2. The North Korea Financial Theft Model
        3. Bank of Bangladesh Response
        4. FASTCash: A Global ATM Robbery
      3. Odinaff: How Cybercriminals Learn from Nation-States
      4. Conclusion
    3. Chapter 3: Human-Driven Ransomware
      1. GoGalocker
      2. SamSam
      3. Ryuk
      4. MegaCortex
      5. EvilCorp
        1. BitPaymer
        2. Indictment
        3. WastedLocker
      6. Linking These Ransomware Attacks
      7. Ransomware as a Service
      8. The DarkSide Gas Pipeline Attack
      9. Defensive Measures
      10. Conclusion
    4. Chapter 4: Election Hacking
      1. The 2014 Ukraine Presidential Election
      2. The Ukrainian Election Attack Model
        1. Fake Personas
        2. Propaganda Campaign
        3. DDoS and Data Theft
        4. Manipulation and Public Release of Stolen Political Data
        5. Malware and Fraudulent Election Data
      3. The 2016 U.S. Presidential Election
      4. The 2017 French Presidential Election
      5. Conclusion
  7. Part II: Hunting and Analyzing Advanced Cyber Threats
    1. Chapter 5: Adversaries and Attribution
      1. Threat Group Classification
        1. Hacktivism
        2. Cybercrime
        3. Cyber Espionage
        4. Unknown
      2. Attribution
        1. Attribution Confidence
        2. The Attribution Process
        3. Identifying Tactics, Techniques, and Procedures
        4. Conducting Time-Zone Analysis
      3. Attribution Mistakes
        1. Don’t Identify Attacker Infrastructure Based on DDNS
        2. Don’t Assume Domains Hosted on the Same IP Address Belong to the Same Attacker
        3. Don’t Use Domains Registered by Brokers in Attribution
        4. Don’t Attribute Based on Publicly Available Hacktools
      4. Attribution Tips
      5. Building Threat Profiles
      6. Conclusion
    2. Chapter 6: Malware Distribution and Communication
      1. Detecting Spear Phishing
        1. Basic Address Information
        2. The X-Mailer Field
        3. The Message-ID
        4. Other Useful Fields
      2. Analyzing Malicious or Compromised Sites
      3. Detecting Covert Communications
        1. Shamoon’s Alternative Data Stream (ADS) Abuse
        2. Bachosens’s Protocol Misuse
      4. Analyzing Malware Code Reuse
        1. WannaCry
        2. The Elderwood Zero-Day Distribution Framework
      5. Conclusion
    3. Chapter 7: Open Source Threat Hunting
      1. Using OSINT Tools
        1. Protecting Yourself with OPSEC
        2. Legal Concerns
      2. Infrastructure Enumeration Tools
        1. Farsight DNSDB
        2. PassiveTotal
        3. DomainTools
        4. Whoisology
        5. DNSmap
      3. Malware Analysis Tools
        1. VirusTotal
        2. Hybrid Analysis
        3. Joe Sandbox
        4. Hatching Triage
        5. Cuckoo Sandbox
      4. Search Engines
        1. Crafting Queries
        2. Searching for Code Samples on NerdyData
      5. TweetDeck
      6. Browsing the Dark Web
      7. VPN Software
      8. Investigation Tracking
        1. ThreatNote
        2. MISP
        3. Analyst1
        4. DEVONthink
      9. Analyzing Network Communications with Wireshark
      10. Using Recon Frameworks
        1. Recon-ng
        2. TheHarvester
        3. SpiderFoot
        4. Maltego
      11. Conclusion
    4. Chapter 8: Analyzing a Real-World Threat
      1. The Background
      2. Email Analysis
        1. Header Analysis
        2. Email Body Analysis
        3. OSINT Research
      3. Lure Document Analysis
        1. Identifying the Command-and-Control Infrastructure
        2. Identifying Any Altered Files
      4. Analysis of Dropped Files
        1. Analysis of dw20.t
        2. Analysis of netidt.dll
        3. Signature Detection Clues
      5. Infrastructure Research
        1. Finding Additional Domains
        2. Passive DNS
      6. Visualizing Indicators of Compromise Relationships
      7. Findings
      8. Creating a Threat Profile
      9. Conclusion
  8. Appendix A: Threat Profile Questions
  9. Appendix B: Threat Profile Template Example
  10. Endnotes
  11. Index

Product information

  • Title: The Art of Cyberwarfare
  • Author(s): Jon DiMaggio
  • Release date: April 2022
  • Publisher(s): No Starch Press
  • ISBN: 9781718502147