Reverse Deception: Organized Cyber Threat Counter-Exploitation (135 page)

Read Reverse Deception: Organized Cyber Threat Counter-Exploitation Online

Authors: Sean Bodmer

Tags: #General, #security, #Computers

BOOK: Reverse Deception: Organized Cyber Threat Counter-Exploitation
4.55Mb size Format: txt, pdf, ePub
Zeus bot
ZeuS Tracker
Zeus Trojan
Zhou Dynasty
Zloy forums

Table of Contents

Foreword

Acknowledgments

Introduction

Chapter 1 State of the Advanced Cyber Threat

Have You Heard About the APT?

APT Defined

What Makes a Threat Advanced and Persistent?

Examples of Advanced and Persistent Threats

Moonlight Maze

Stakkato

Titan Rain

Stormworm

GhostNet

Byzantine Hades/Foothold/Candor/Raptor

Operation Aurora

Stuxnet

Russian Business Network

New Generation of Botnets and Operators

Operation Payback

Conclusion

Chapter 2 What Is Deception?

How Does Deception Fit in Countering Cyber Threats?

Six Principles of Deception

Focus

Objective

Centralized Planning and Control

Security

Timeliness

Integration

Traditional Deception

Feints—Cowpens

Demonstrations—Dorchester Heights

Ruses—Operation Mincemeat (the Unlikely Story of Glyndwr Michael)

Displays—A Big Hack Attack

Why Use Deception?

The First US Army Group Deception

Russian Maskirovka

Deception Maxims

“Magruder’s Principle”—Exploitation of a COG’s Perception or Bias

“Limitations to Human Information Processing”

“Multiple Forms of Surprise”

“Jones’ Dilemma”

“Choice of Types of Deception”

“Husbanding of Deception Assets”

“Sequencing Rule”

“Importance of Feedback”

“Beware of Possible Unwanted Reactions”

“Care in the Design of Planned Placement of Deceptive Material”

Understanding the Information Picture

Half-Empty Version

Half-Full Version

A Question of Bias

Totally Full Version

Step-Beyond Version

Two-Steps-Beyond Version

Conclusion

Chapter 3 Cyber Counterintelligence

Fundamental Competencies

Applying Counterintelligence to the Cyber Realm

Sizing Up Advanced and Persistent Threats

Attack Origination Points

Numbers Involved in the Attack

Risk Tolerance

Timeliness

Skills and Methods

Actions

Objectives

Resources

Knowledge Source

Conclusion

Chapter 4 Profiling Fundamentals

A Brief History of Traditional Criminal Profiling

The Emergence of Cyber Profiling

Acquiring an Understanding of the Special Population

The Objectives of Profiling

The Nature of Profiling

Basic Types of Profiling

Two Logical Approaches to Profiling: Inductive vs. Deductive

Information Vectors for Profiling

Time

Geolocation

Skill

Motivation

Weapons and Tactics

Socially Meaningful Communications and Connections

Conclusion

References

Chapter 5 Actionable Legal Knowledge for the Security Professional

How to Work with a Lawyer

What You Should Know About Legal Research

Online Legal Resources

Common Legal Terms

The Role of Statutes in Our Legal System

How to Find a Law

Do Your Background Homework

Reading the Law

Communicating with Lawyers

Ethics in Cyberspace

Conclusion

Chapter 6 Threat (Attacker) Tradecraft

Threat Categories

Targeted Attacks

Opportunistic Attacks

Opportunistic Turning Targeted

Evolution of Vectors

Meet the Team

Criminal Tools and Techniques

Tailored Valid Services

Academic Research Abuse

Circles of Trust

Injection Vectors

Conclusion

Chapter 7 Operational Deception

Deception Is Essential

Tall Tale 1

Postmortem

Tall Tale 2

Postmortem

Tall Tale 3

Postmortem

Tall Tale 4

Honeypot 1

Postmortem

Conclusion

Chapter 8 Tools and Tactics

Detection Technologies

Host-Based Tools

Antivirus Tools

Digital Forensics

Security Management Tools

Network-Based Tools

Firewalls

Intrusion Detection/Prevention Systems

Deception Technologies

Honeywalls

Honeynets as Part of Defense-in-Depth

Research vs. Production Honeynets

Honeynet Architectures

Honeywall Accreditation

Content Staging

Content Filling

Honeynet Training

Honeynet Objectives

Honeynet Risks and Issues

Check Yourself Before You’re Wrecked

What’s the Status of Your Physical Security?

How Does Your Wireless Network Look?

What’s Traveling on Your Network?

What About Your Host/Server Security?

How Are Your Passwords?

How’s Your Operational Security?

Crimeware/Analysis Detection Systems

What Happened on Your Box?

What Did That Malicious Software Do?

Conclusion

Chapter 9 Attack Characterization Techniques

Postincident Characterization

Another Tall Tale

Discovery

Malware

Aftermath

Real-World Tactics

Engaging an Active Threat

Traffic, Targets, and Taxonomy

Aftermath

Conclusion

Chapter 10 Attack Attribution

A Brief Note About Levels of Information Present in Objects

Profiling Vectors

Time

Motivations

Social Networks

Skill Level

Vector Summary

Strategic Application of Profiling Techniques

Example Study: The Changing Social Structure of the Hacking Community

Micro- and Macro-Level Analyses

The Rise of the Civilian Cyber Warrior

The Balance of Power

Potential Civilian Cyber Warrior Threats

Conclusion

References

Chapter 11 The Value of APTs

Espionage

Costs of Cyber Espionage

Value Network Analysis

APTs and Value Networks

The RSA Case

The Operation Aurora Case

APT Investments

APTs and the Internet Value Chain

It’s All Good(s)

Bitcoin in the Future?

Conclusion

Chapter 12 When and When Not to Act

Determining Threat Severity

Application Vulnerability Scenario

Targeted Attack Scenario

What to Do When It Hits the Fan

Block or Monitor?

Isolating the Problem

Distinguishing Threat Objectives

Responding to Actionable Intelligence

Cyber Threat Acquisition

Distinguishing Between Threats

Processing Collected Intelligence

Determining Available Engagement Tactics

Engaging the Threat

Within Your Enterprise

External to Your Enterprise

Working with Law Enforcement

To Hack or Not to Hack (Back)

To What End?

Understanding Lines (Not to Cross)

Conclusion

Chapter 13 Implementation and Validation

Vetting Your Operations

Vetting Deceptions

Vetting Perceptual Consistency in a Deception

Vetting Engagements

Putting This Book to Use with Aid from Professionals

How to Evaluate Success

Getting to the End Game

Conclusion

Glossary

Index

Other books

A Thing As Good As Sunshine by Juliet Nordeen
The Hidden Man by Robin Blake
The Wedding Machine by Beth Webb Hart
Expose (Billionaire Series) by Harper, Evelyn
Stranger in Cold Creek by Paula Graves
Tomorrows Child by Starr West
A Grave for Lassiter by Loren Zane Grey
1775 by Kevin Phillips