Reverse Deception: Organized Cyber Threat Counter-Exploitation
Authors: Sean Bodmer
Tags: #General, #security, #Computers
Table of Contents
Chapter 1 State of the Advanced Cyber Threat
What Makes a Threat Advanced and Persistent?
Examples of Advanced and Persistent Threats
Byzantine Hades/Foothold/Candor/Raptor
New Generation of Botnets and Operators
How Does Deception Fit in Countering Cyber Threats?
Centralized Planning and Control
Demonstrations—Dorchester Heights
Ruses—Operation Mincemeat (the Unlikely Story of Glyndwr Michael)
The First US Army Group Deception
“Magruder’s Principle”—Exploitation of a COG’s Perception or Bias
“Limitations to Human Information Processing”
“Choice of Types of Deception”
“Husbanding of Deception Assets”
“Beware of Possible Unwanted Reactions”
“Care in the Design of Planned Placement of Deceptive Material”
Understanding the Information Picture
Chapter 3 Cyber Counterintelligence
Applying Counterintelligence to the Cyber Realm
Sizing Up Advanced and Persistent Threats
Numbers Involved in the Attack
Chapter 4 Profiling Fundamentals
A Brief History of Traditional Criminal Profiling
The Emergence of Cyber Profiling
Acquiring an Understanding of the Special Population
Two Logical Approaches to Profiling: Inductive vs. Deductive
Information Vectors for Profiling
Socially Meaningful Communications and Connections
Chapter 5 Actionable Legal Knowledge for the Security Professional
What You Should Know About Legal Research
The Role of Statutes in Our Legal System
Chapter 6 Threat (Attacker) Tradecraft
Opportunistic Turning Targeted
Chapter 7 Operational Deception
Intrusion Detection/Prevention Systems
Honeynets as Part of Defense-in-Depth
Research vs. Production Honeynets
Check Yourself Before You’re Wrecked
What’s the Status of Your Physical Security?
How Does Your Wireless Network Look?
What’s Traveling on Your Network?
What About Your Host/Server Security?
How’s Your Operational Security?
Crimeware/Analysis Detection Systems
What Did That Malicious Software Do?
Chapter 9 Attack Characterization Techniques
Traffic, Targets, and Taxonomy
A Brief Note About Levels of Information Present in Objects
Strategic Application of Profiling Techniques
Example Study: The Changing Social Structure of the Hacking Community
Micro- and Macro-Level Analyses
The Rise of the Civilian Cyber Warrior
Potential Civilian Cyber Warrior Threats
APTs and the Internet Value Chain
Chapter 12 When and When Not to Act
Application Vulnerability Scenario
What to Do When It Hits the Fan
Distinguishing Threat Objectives
Responding to Actionable Intelligence
Distinguishing Between Threats
Processing Collected Intelligence
Determining Available Engagement Tactics
Understanding Lines (Not to Cross)
Chapter 13 Implementation and Validation
Vetting Perceptual Consistency in a Deception