Cyber Warfare – Truth, Tactics, and Strategies
eBook - ePub

Cyber Warfare – Truth, Tactics, and Strategies

Strategic concepts and truths to help you and your organization survive on the battleground of cyber warfare

Dr. Chase Cunningham

  1. 330 pages
  2. English
  3. ePUB (available in the app)
  4. Available on iOS and Android


About the book

Insights into the true history of cyber warfare, and the strategies, tactics, and cybersecurity tools that can be used to better defend yourself and your organization against cyber threat.

Key Features

  • Define and determine a cyber-defence strategy based on current and past real-life examples
  • Understand how future technologies will impact cyber warfare campaigns and society
  • Future-ready yourself and your business against any cyber threat

Book Description

The era of cyber warfare is now upon us. What we do now, and how we determine what we will do in the future, is the difference between whether our businesses live or die and whether our digital self survives the digital battlefield. Cyber Warfare – Truth, Tactics, and Strategies takes you on a journey through the myriad cyber attacks and threats that are present in a world powered by AI, big data, autonomous vehicles, drones, video, and social media.

Dr. Chase Cunningham uses his military background to provide you with a unique perspective on cyber security and warfare. Moving away from a reactive stance to one that is forward-looking, he aims to prepare people and organizations to better defend themselves in a world where there are no borders or perimeters. He demonstrates how the cyber landscape is growing infinitely more complex and is continuously evolving at the speed of light.

The book not only covers cyber warfare, but it also looks at the political, cultural, and geographical influences that pertain to these attack methods and helps you understand the motivation and impacts that are likely in each scenario.

Cyber Warfare – Truth, Tactics, and Strategies is as real-life and up-to-date as cyber can possibly be, with examples of actual attacks and defense techniques, tools, and strategies presented so you can learn how to think about defending your own systems and data.

What you will learn

  • Hacking at scale – how machine learning (ML) and artificial intelligence (AI) skew the battlefield
  • Defending a boundaryless enterprise
  • Using video and audio as weapons of influence
  • Uncovering DeepFakes and their associated attack vectors
  • Using voice augmentation for exploitation
  • Defending when there is no perimeter
  • Responding tactically to counter-campaign-based attacks

Who this book is for

This book is for any engineer, leader, or professional with either a responsibility for cyber security within their organizations, or an interest in working in this ever-growing field.


Information

Year: 2020
ISBN: 9781839214486

8 Cyber Warfare Strategic Innovations and Force Multipliers

"But magic is neither good nor evil. It is a tool, like a knife. Is a knife evil? Only if the wielder is evil."
Rick Riordan
Tools are just that: tools. There is no innately good or evil tool. The user is what determines what that tool is going to be used for and is ultimately responsible for the impact that the tool might have. A shovel can be used to dig an irrigation ditch and provide needed water for crops and homes. It can also be used to bash someone's skull in and bury them in a shallow grave. A visceral image and a violent one, but sometimes it is necessary to be a bit shocking to get a point across.
In cyber warfare this is just as true. While there certainly have been purpose-built weapons that emerged from nation state actors and groups, the majority of the tools used in cyber warfare actions have actually been ordinary pieces of infrastructure or tooling that could just as well be used for innovation or for securing systems. The tools in this space most often have a double edge: one edge can be used to help secure systems and improve the quality of an infrastructure, and the other is ever ready to be turned on the defenders and used to eviscerate those same systems and their users.
In this chapter, we will point out some of the more overtly malicious tools that are either actively being used for malicious purposes or are in the early stages of usability as potential tool sets. Additionally, we will delve into some similar tools that can be used to defend an enterprise from a cyber warfare action. However, keep in mind that a tool is just that, a tool. It is only as good or as evil as the user behind it.
In this chapter, we will discuss some tools and techniques that can act as force multipliers for defenders if they are leveraged correctly:
  • We will detail ways to plan for real-world defense operations
  • We will talk about ways to address issues around passwords
  • We break down how the Software-Defined Perimeter can be part of a stronger infrastructure

Defensive tooling and strategic enablers

When it comes to defending an organization from future attack vectors, the defender must change their way of thinking in order to better prepare for what might be heading their way. The old paradigm of simply trying to predictively stay ahead of the threat by using anti-virus tooling, or having segmented VLANs that are bound by firewalls, is no longer sufficient.
Attack tooling and threat vectors have proven these outdated approaches to be ineffective, and to continue to try and defend anything with approaches and tools that have proven insufficient is tantamount to madness. Changing the way in which one plans for coming attacks, and using newer, more innovative solutions that operate in the way infrastructure, users, and the ever-changing workforce are evolving, is not optional: it is the only way to have any chance at survival.
In order to understand how best to defend something, one must first understand what types of attacks are most likely to succeed. In doing this, what happens is that the organization can better understand what priorities must be prescribed to address the most immediately impactful areas of concern. Just as in combat within the physical space, a defense is best when it is based on reality and when the defender aligns their strategy and technologies to defend where an attack is most likely to occur.

Meet the Monkey

In cyberspace and in cyber warfare exploitation, attacks succeed because they locate and leverage the weak points in systems and networks. They do this by looking for technical and human vulnerabilities and then slowly and carefully zeroing in on the fail points that are found.
In order to defend from this type of attack cycle, it is necessary to continually test the system for those likely weak points. But this can be difficult, especially when dealing with large infrastructures that are bridged between cloud, non-cloud, on premises, off premises, and a wide variety of other potential configurations. One of the most well-aligned tools that fits this need is available as an open source offering.
It is called Infection Monkey.
Figure 1: The Infection Monkey logo
The Infection Monkey tool is designed to be an open source solution to help an organization test its infrastructure's and data center's ability to withstand a breach, and the follow-on lateral movement that usually results in more internal server or machine infections. The Infection Monkey system uses a variety of methods and tactics that allow it to automate the exploitation life cycle and autonomously self-propagate across an infrastructure. This system also includes a ready-built system that reports successful exploits and compromises to a centralized Monkey Island server.
This system has a wide offering of potential exploit tools and tactics that can be aimed at critical infrastructure components to help automate testing, which will allow the defenders to better focus their efforts on fixing what is most likely to be a fail point. A few of the more recent and often effective modules within the Infection Monkey tool are as follows:
  • Sambacry – A remote code execution vulnerability, allowing a malicious client to upload a shared library to a writable share, and then cause the server to load and execute it.
  • ShellShock – Allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which the environment is set across a privilege boundary from Bash execution.
  • ElasticGroovy – Allows remote attackers to bypass the sandbox protection mechanism and execute arbitrary shell commands via a crafted script. The Infection Monkey will look for machines with an open port 9200 and attempt to execute commands. If successful, the Infection Monkey will use scripts to collect machine intelligence and configuration data and to also download an executable to the machine to further propagate Infection Monkey tooling into the infrastructure.
  • Struts2 – Allows an attacker to perform a remote code execution (RCE) attack with a malicious Content-Type value. If the Content-Type value isn't valid, an exception is thrown, which is then used to display an error message to a user. The Infection Monkey will discover if the attacked machine is vulnerable and, if so, will craft a specific payload to exploit the vulnerability. Following that, the Infection Monkey uses this exploited machine to continue its propagation further into the network.
  • WebLogic – Oracle's WebLogic server has a blind RCE that can be attacked and exploited with a crafted packet. To do this, the Infection Monkey installs a server that listens for incoming traffic that is indicative of the vulnerable server communicating on the network. The Infection Monkey then sends crafted exploit packets to different components with intrinsic commands to each component of the WebLogic server. The server will respond due to the vulnerability, and the Infection Monkey system then uses scripted commands to launch an exploit against the WebLogic server.
  • Credential Harvesting – Because administrator and over-privileged user accounts, along with their passwords, are so prevalent on networked systems, the Infection Monkey tool also includes a module for credential harvesting. To do this, the Infection Monkey system targets Windows machines with a customized version of Mimikatz (a common exploit tool for harvesting password secrets from Windows machines). The Infection Monkey tool will also exploit Linux machines by scraping accessible SSH (Secure Shell) key pairs and attempting to use them to log in to other machines on the network.
Those are just a few of the capabilities this tool offers. While there are a variety of exploits built into the tool, most deeper infections usually result from the bad passwords and the excessive shares and privileges that the Infection Monkey finds. It is not usually the power of any singular exploit that allows this system to dig so deep into the infrastructure.
Figure 2: A singular instance of an Infection Monkey appears when testing begins
We'll get more into specific capabilities of the Infection Monkey in the following section.

More offerings from the Infection Monkey

The Infection Monkey can also help defenders decipher where there are avenues within their infrastructure for lateral movement, which is often the point at which an exploit goes from problematic to a WannaCry-level event. The Infection Monkey tool does this by using a variety of detection capabilities that defenders can use to help automate their analysis of potential infection and exploitation avenues. The system does this by using an installed analytics tool that looks at machines that are in the same domain or work group and may have the same users and passwords present on them. This is done via a "pass-the-hash" attack, a common penetration testing approach for gaining access to systems with shared credentials.
In a pass-the-hash attack, the attacker essentially "becomes" a user and is authenticated without ever having the user's actual password. The goal of the attacker is to use the hash directly without cracking it, which makes time-consuming password cracking less necessary. Because passwords are often stored in plaintext or with weak encryption, and are also usually stored in hashed form, this attack is often successful. If an attacker obtains a valid password hash, they can use it to gain access to a system.
A hashing function is designed to take an input and convert it into an output that cannot be reversed. Pass-the-hash avoids the need to reverse it: the technique bypasses standard authentication on many systems and is a favorite for lateral movement. Valid password hashes for the targeted user account are first captured using a credential access technique. Once the attacker has successfully authenticated as a valid user, they can further leverage the collected hashes to perform authenticated actions on local or remote systems.
Pass-the-hash attacks are most often noted in attacks on Windows systems. However, they are possible on other systems, and vulnerable web applications are also possible targets of pass-the-hash attacks. In Windows, this attack depends on the Single Sign-On (SSO) functionality in authentication protocols. With SSO, users enter their passwords once and are then able to access resources they have been given rights to without re-authenticating on the system. SSO requires the system to store the users' credentials temporarily in a cache. The Windows system then replaces that credential with a password hash (usually a ticket), and any follow-on authentication is done using that value instead of the actual credential. In Windows, those hashes are loaded into the Local Security Authority Subsystem Service (LSASS), the component responsible for user authentication, among other things. Using hash dumping tools, an attacker will seek to dump the password hashes for further use.
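Defenders usually hunt for pass-the-hash in the Windows logon events the text just described. The following is an added detection example, not code from the book or from the Infection Monkey project; the event records are constructed, and the two heuristics it applies (a seclogo/Negotiate NewCredentials logon on the source host, and an NTLM network logon with KeyLength 0 and a null subject SID on the target host) follow the publicly documented Sigma "Pass the Hash Activity" rules:

```python
"""Flag Windows logon events consistent with pass-the-hash activity.

Added detection example; not code from the book or the Infection Monkey
project. The events are constructed and mimic the fields of Windows Security
event 4624 as a SIEM exports them. Heuristics (per the public Sigma rules):
  1. source-host view: LogonType 9 (NewCredentials) created by the "seclogo"
     logon process with the Negotiate package (runas-style pass-the-hash);
  2. target-host view: LogonType 3 (network) NTLM logon with KeyLength 0 and
     a null subject SID (S-1-0-0).
Both have benign matches, so the output is a list of leads to triage.
"""
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional

SOURCE_SIDE = "NewCredentials logon via seclogo/Negotiate on source host"
TARGET_SIDE = "NTLM network logon, KeyLength 0, null subject SID on target host"

# Constructed sample events; field names follow the Windows 4624 schema.
SAMPLE_EVENTS = [
    # 0: ordinary interactive logon, must not fire
    {"EventID": 4624, "Computer": "WS01", "TargetUserName": "alice", "SubjectUserSid": "S-1-5-18",
     "LogonType": 2, "LogonProcessName": "User32", "AuthenticationPackageName": "Negotiate",
     "KeyLength": 0, "IpAddress": "127.0.0.1"},
    # 1: source-side indicator on the workstation
    {"EventID": 4624, "Computer": "WS01", "TargetUserName": "svc-backup", "SubjectUserSid": "S-1-5-21-1-2-3-1104",
     "LogonType": 9, "LogonProcessName": "seclogo", "AuthenticationPackageName": "Negotiate",
     "KeyLength": 0, "IpAddress": "::1"},
    # 2: target-side indicator on the file server
    {"EventID": 4624, "Computer": "FS01", "TargetUserName": "svc-backup", "SubjectUserSid": "S-1-0-0",
     "LogonType": 3, "LogonProcessName": "NtLmSsp", "AuthenticationPackageName": "NTLM",
     "KeyLength": 0, "IpAddress": "10.0.5.23"},
    # 3: anonymous NTLM logon (null-session noise), filtered out
    {"EventID": 4624, "Computer": "FS01", "TargetUserName": "ANONYMOUS LOGON", "SubjectUserSid": "S-1-0-0",
     "LogonType": 3, "LogonProcessName": "NtLmSsp", "AuthenticationPackageName": "NTLM",
     "KeyLength": 0, "IpAddress": "10.0.5.40"},
    # 4: ordinary Kerberos network logon, must not fire
    {"EventID": 4624, "Computer": "FS01", "TargetUserName": "alice", "SubjectUserSid": "S-1-0-0",
     "LogonType": 3, "LogonProcessName": "Kerberos", "AuthenticationPackageName": "Kerberos",
     "KeyLength": 0, "IpAddress": "10.0.5.23"},
    # 5: a logoff event (4634) is ignored whatever its other fields say
    {"EventID": 4634, "Computer": "WS01", "TargetUserName": "svc-backup", "LogonType": 9,
     "LogonProcessName": "seclogo", "AuthenticationPackageName": "Negotiate"},
]


@dataclass(frozen=True)
class Lead:
    computer: str
    user: str
    source_ip: str
    reason: str


def classify(event: dict) -> Optional[str]:
    """Return the matching heuristic's reason string, or None."""
    if event.get("EventID") != 4624:
        return None
    if str(event.get("TargetUserName", "")).upper() == "ANONYMOUS LOGON":
        return None  # null-session noise, excluded exactly as the Sigma rules do
    proc = str(event.get("LogonProcessName", "")).lower()
    pkg = str(event.get("AuthenticationPackageName", "")).lower()
    if event.get("LogonType") == 9 and proc == "seclogo" and pkg == "negotiate":
        return SOURCE_SIDE
    if (event.get("LogonType") == 3 and proc == "ntlmssp"
            and event.get("KeyLength") == 0 and event.get("SubjectUserSid") == "S-1-0-0"):
        return TARGET_SIDE
    return None


def find_pass_the_hash_leads(events: List[dict]) -> List[Lead]:
    """Run classify() over an event list and keep only the matches."""
    leads = []
    for ev in events:
        reason = classify(ev)
        if reason is not None:
            leads.append(Lead(ev["Computer"], ev["TargetUserName"], ev.get("IpAddress", "-"), reason))
    return leads


def correlate(leads: List[Lead]) -> Dict[str, dict]:
    """Group leads per account. An account seen on both the source and the
    target side within the same window is the strongest signal; triage first."""
    by_user = defaultdict(lambda: {"hosts": set(), "source": False, "target": False})
    for lead in leads:
        entry = by_user[lead.user]
        entry["hosts"].add(lead.computer)
        entry["source" if lead.reason == SOURCE_SIDE else "target"] = True
    return {user: {"hosts": sorted(e["hosts"]), "both_sides": e["source"] and e["target"]}
            for user, e in by_user.items()}


if __name__ == "__main__":
    found = find_pass_the_hash_leads(SAMPLE_EVENTS)
    for lead in found:
        print(f"{lead.computer:6} {lead.user:12} {lead.source_ip:12} {lead.reason}")
    for user, info in correlate(found).items():
        print(user, info)
```

Real SIEM exports of event 4624 (JSON or CSV) load into the same dicts; the only tuning usually needed is an allow-list of administrative tools that legitimately create seclogo logons, which is where most of the false positives for heuristic 1 come from.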
Additionally, the Infection Monkey system possesses the capability to test for proper micro-segmentation policies and controls via firewalls. The Infection Monkey system accepts a list of network segments that the administrator or tester thinks are segmented and "untouchable" for testing purposes. The Monkey then attempts to gain access to those assets using common cross-domain exploitation tooling. If any of those exploits or login attempts work, the results are propagated to the Infection Monkey report server.
Finally, the Infection Monkey can act as if it were crafted malware and will even trigger malware alerts if the affected system has those tools in place. It can also behave like nation-state-related malware and attempt to tunnel out of the network. It does this by using its custom-built tooling to automatically attempt to use common internal network protocols and ports to tunnel traffic out of the internals of the infrastructure.
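The segment list the text describes is also useful without any active probing: the same policy can be replayed against firewall or flow logs to see whether the boundaries actually held. The following is an added example, not code from the book or from the Infection Monkey project; the segment map, the approved exception, and the log lines are all constructed, and the key=value log format is an assumption (parse_line() is the one place to adapt for a real export):

```python
"""Check observed network flows against a micro-segmentation policy.

Added example; not code from the book or the Infection Monkey project.
Where the Monkey actively probes the segments an administrator believes are
isolated, this script takes the passive route a defender also has: it replays
firewall/flow log lines against the same kind of segment list and reports every
successful connection that crossed a boundary the policy says must stay closed.
Segments, exceptions and log lines are constructed; the log format is assumed.
"""
import ipaddress
import re
from typing import Dict, Optional

# Constructed segment map (name -> CIDR) and the pairs that must be isolated.
SEGMENTS = {
    "corp-workstations": ipaddress.ip_network("10.0.1.0/24"),
    "dmz-web": ipaddress.ip_network("192.168.50.0/24"),
    "ot-plc": ipaddress.ip_network("10.0.9.0/24"),
}
ISOLATED_PAIRS = {frozenset({"corp-workstations", "ot-plc"}), frozenset({"dmz-web", "ot-plc"})}
# Approved break-glass path: (source host, destination segment, destination port).
EXCEPTIONS = {("10.0.1.250", "ot-plc", 22)}

# Constructed firewall log lines (one flow per line, key=value fields).
SAMPLE_LOG = """\
2024-03-01T10:00:01Z src=10.0.1.5 dst=10.0.9.20 dport=445 proto=tcp action=DENY
2024-03-01T10:00:02Z src=10.0.1.5 dst=10.0.9.20 dport=502 proto=tcp action=ALLOW
2024-03-01T10:00:03Z src=10.0.1.250 dst=10.0.9.20 dport=22 proto=tcp action=ALLOW
2024-03-01T10:00:04Z src=192.168.50.10 dst=10.0.9.21 dport=80 proto=tcp action=ALLOW
2024-03-01T10:00:05Z src=10.0.1.5 dst=10.0.1.7 dport=445 proto=tcp action=ALLOW
2024-03-01T10:00:06Z src=10.0.1.5 dst=172.16.0.9 dport=443 proto=tcp action=ALLOW
this line is garbage and must be skipped
"""

FIELD_RE = re.compile(r"(\w+)=(\S+)")


def parse_line(line: str) -> Optional[dict]:
    """Extract src, dst, dport and action from one log line; None if malformed."""
    fields = dict(FIELD_RE.findall(line))
    try:
        return {"src": ipaddress.ip_address(fields["src"]),
                "dst": ipaddress.ip_address(fields["dst"]),
                "dport": int(fields["dport"]),
                "action": fields["action"].upper()}
    except (KeyError, ValueError):
        return None


def segment_of(ip, segments: Dict[str, ipaddress.IPv4Network]) -> Optional[str]:
    """Name of the segment containing ip, or None if it is not in the policy."""
    for name, net in segments.items():
        if ip in net:
            return name
    return None


def check_flows(log_text: str, segments=SEGMENTS, isolated=ISOLATED_PAIRS, exceptions=EXCEPTIONS) -> dict:
    """Classify every flow as a violation, a held boundary, unclassified, or irrelevant."""
    report = {"violations": [], "unclassified": [], "held": 0, "skipped": 0}
    for raw in log_text.splitlines():
        flow = parse_line(raw)
        if flow is None:
            report["skipped"] += 1
            continue
        src_seg, dst_seg = segment_of(flow["src"], segments), segment_of(flow["dst"], segments)
        if src_seg is None or dst_seg is None:
            report["unclassified"].append(raw.strip())  # policy gap: an address nobody mapped
            continue
        if src_seg == dst_seg or frozenset({src_seg, dst_seg}) not in isolated:
            continue  # not a boundary this policy cares about
        if flow["action"] != "ALLOW":
            report["held"] += 1  # the control blocked it, as intended
            continue
        if (str(flow["src"]), dst_seg, flow["dport"]) in exceptions:
            continue  # documented break-glass path
        report["violations"].append({"src": str(flow["src"]), "dst": str(flow["dst"]),
                                     "dport": flow["dport"], "from": src_seg, "to": dst_seg})
    return report


if __name__ == "__main__":
    result = check_flows(SAMPLE_LOG)
    for v in result["violations"]:
        print(f"VIOLATION {v['from']} -> {v['to']}: {v['src']} -> {v['dst']}:{v['dport']}")
    print(f"held={result['held']} unclassified={len(result['unclassified'])} skipped={result['skipped']}")
```

The "unclassified" bucket matters as much as the violations: an address that belongs to no segment in the policy is exactly the kind of forgotten host the Monkey's active test would eventually land on.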
The tunneling capability of the Infection Monkey system operates in a very similar manner...
