Cyber-crime increasingly impacts both the online and offline world, and targeted attacks play a significant role in disrupting services in both. Targeted attacks are those that are aimed at a particular individual, group, or type of site or service. Unlike worms and viruses that usually attack indiscriminately, targeted attacks involve intelligence-gathering and planning to a degree that drastically changes its profile.
Individuals, corporations, and even governments are facing new threats from targeted attacks. Targeted Cyber Attacks examines real-world examples of directed attacks and provides insight into what techniques and resources are used to stage these attacks so that you can counter them more effectively.
- A well-structured introduction into the world of targeted cyber-attacks
- Includes analysis of real-world attacks
- Written by cyber-security researchers and experts
information security and information technology professionals, as well as students studying cyber-security
- A Few Words About Targeted Cyber Attacks
- About the Authors
- Chapter 1. Introduction
- Chapter 2. Intelligence Gathering
- 2.1 Intelligence Gathering Process
- 2.2 OSINT, CYBINT, and HUMINT
- 2.3 OSNs: A Case Study
- Chapter 3. Infecting the Target
- 3.1 Elements Used in Incursion
- 3.2 Model A: Spear Phishing Attack: Malicious Attachments
- 3.3 Model B: Spear Phishing Attack: Embedded Malicious Links
- 3.4 Model C: Waterholing Attack
- 3.5 Model D: BYOD as Infection Carriers: USB
- 3.6 Model E: Direct Incursion: Network Exploitation
- Chapter 4. System Exploitation
- 4.1 Modeling Exploits in Targeted Attacks
- 4.2 Elements Supporting System Exploitation
- 4.3 Defense Mechanisms and Existing Mitigations
- 4.4 Anatomy of Exploitation Techniques
- 4.5 Browser Exploitation Paradigm
- 4.6 Drive-By Download Attack Model
- 4.7 Stealth Malware Design and Tactics
- Chapter 5. Data Exfiltration Mechanisms
- 5.1 Phase 1: Data Gathering Mechanisms
- 5.2 Phase 2: Data Transmission
- Chapter 6. Maintaining Control and Lateral Movement
- 6.1 Maintaining Control
- 6.2 Lateral Movement and Network Reconnaissance
- Chapter 7. Why Targeted Cyber Attacks Are Easy to Conduct?
- 7.1 Step 1: Building Targeted Attack Infrastructure
- 7.2 Step 2: Exploring or Purchasing Stolen Information About Targets
- 7.3 Step 3: Exploits Selection
- 7.4 Step 4: Malware Selection
- 7.5 Step 5: Initiating the Attack
- 7.6 Role of Freely Available Tools
- Chapter 8. Challenges and Countermeasu
- No. of pages:
- © Syngress 2014
- 18th April 2014
- eBook ISBN:
- Paperback ISBN:
Aditya K Sood (Ph.D) is a Lead Architect for Cloud Threat Labs at Elastica. Dr. Sood has research interests in malware automation and analysis, application security, secure software design and cybercrime. He has worked on a number of projects pertaining to penetration testing specializing in product/appliance security, networks, mobile and web applications while serving Fortune 500 clients for IOActive, KPMG and others. He has authored several papers for various magazines and journals including IEEE, Elsevier, CrossTalk, ISACA, Virus Bulletin, Usenix and others. His work has been featured in several media outlets including Associated Press, Fox News, The Register, Guardian, Business Insider, Kaspersky Threatpost, CBC and others. He has been an active speaker at industry conferences and presented at BlackHat, DEFCON, HackInTheBox, RSA, Virus Bulletin, OWASP and many others. Dr. Sood obtained his Phd from Michigan State University in Computer Sciences. Dr. Sood is also an author of "Targeted Cyber Attacks" book published by Syngress.
Company Website: http://www.elastica.net
Personal Website: http://adityaksood.secniche.org
Aditya K. Sood, Ph.D., senior security researcher and consultant.
Dr. Richard Enbody is an Associate Professor in the Department of Computer Science and Engineering. He joined the faculty in 1987 after earning his Ph.D. in Computer Science from the University of Minnesota. Richard received his B.A. in Mathematics from Carleton College in Northfield, Minnesota in 1976, and spent six years teaching high school mathematics in Vermont and New Hampshire. Richard has published research in a variety of areas, but mostly in computer security and computer architecture. He holds two nanotechnology patents from his collaboration with Physicists. Together with Bill Punch he published a textbook using Python in CS1: The Practice of Computing Using Python (Addison-Wesley, 2010), now in its second edition. When not teaching, Richard plays hockey, squash, canoes, as well as a host of family activities.
Richard J. Enbody, Ph.D., associate professor of Computer Science & Engineering at Michigan State University.
"…the book provides a good introduction to the topic with significant amounts of background information. It provides a mid- to high-level overview of the topic."--RSAConference.com, 22-Sep-14
"…the book works its way through how attacks are planned and executed, following by a description of protective measures and concluding with a bit of myth-busting in order to leave readers with a clear and accurate picture of what the threat really means for them…you get a very sharp sense of how and why these attacks are possible."--Network Security, June 2014
"The most complete text in targeted cyber attacks to date. Dr. Sood and Dr. Enbody are able to present the topic in an easy to read format that introduces the reader into the basics of targeted cyber attacks, how the attackers gather information about their target, what strategies are used to compromise a system, and how information is being exfiltrated out from the target systems. The book then concludes on how to build multi-layer defenses to protect against cyber attacks. In other words, the book describes the problem and presents a solution. If you are new to targeted attacks or a seasoned professional who wants to sharpen his or her skills, then this book is for you."
—Christopher Elisan, Principal Malware Scientist, RSA –The Division of EMC
"As targeted attacks become ever more prevalent, sophisticated and harmful, it’s important that we understand them clearly, learn to detect them and know how to mitigate their effects. With this book, Aditya Sood and Richard Enbody have provided us with the tools to do this. Their clear, technically detailed analysis helps cut through the fear, uncertainty, doubt and hype surrounding this subject, to help us understand what’s really going on and what to do about it."
—Steve Mansfield-Devine, Editor, Network Security, Computer Fraud & Security
"Dr. Aditya K Sood and Dr. Richard J Enbody have done an excellent job of taking the very complex subject of targeted attacks and breaking it down systematically so we can understand the attack techniques, tactics and procedures and build defensive mitigation strategies around them. "Targeted Cyber Attacks" provides insights into common indicators of compromise, so your security teams can react as fast as possible and distinguish anomalous behavior from everyday normal user behavior."
—Stephan Chenette, CTO at AttackIQ, Inc.
"Sood and Enbody have taken a systematic, step by step approach to break down a pretty complex topic into bite-sized chunks that are easily digestible. They cover everything from the basics and ‘need to know’ of targeted attacks to the more advanced insights into the world of exploit packs, attack techniques and more."
—Dhillon Andrew Kannabhiran, Founder/Chief Executive Officer, Hack In The Box
"Targeted Cyber Attacks is by far the perfect manual to dive into the dark borders of cybercrime. The book thoroughly describes the model and the mechanisms used by criminals to achieve the cyber attack to exfiltrate information or steal money. From a pen-tester’s perspective, the ethical hackers will certainly find the fundamental factors to prepare a better approach to conduct high level penetration testing. Aditya and Richard deliver the secrets used by cyber-criminals to get inside the most secured companies. I learned a lot from this stunning publication authored by a BlackHat Arsenal Jedi."
—Nabil Ouchn, Founder of ToolsWatch.org and Organizer of BlackHat Arsenal
"I have always been a fan of the articles that have been published by Dr. Sood and Dr. Enbody in the past - and this book reflects that same quality of work we have come to enjoy here at CrossTalk. I found the information to be a very extensive, compelling read for anyone interested in modern cyber-attack methodologies. The information flows from chapter-to-chapter in a very logical sequence and is easily understandable by even those with limited knowledge in the cyber-security realm. I found the work to be extremely interesting and the writing style is active and enjoyable at all points. The work presented should be read by not only those in the software realm, but also the casual user who has an interest in privacy and security for themselves."
—Justin Hill, Executive Publisher of CrossTalk, the Journal of Defense Software Engineering
"Targeted attacks are one of the most virulent, dangerous cyber threats of our time. Every company, large and small, should be factoring these in as a major risk. This book brings readers up to speed, and helps them get in front of the threat, so that they can take action before they are targeted."
—Danny Bradbury, Cyber Security Journalist and Editor