Attribution of Advanced Persistent Threats: How to Identify the Actors Behind Cyber-Espionage

Springer Nature, 20 July 2020 - 205 pages

An increasing number of countries are developing capabilities for cyber-espionage and sabotage. The sheer number of reported network compromises suggests that some of these countries view cyber means as integral and well-established elements of their strategic toolbox. At the same time, the relevance of such attacks for society and politics is also increasing. Digital means were used to influence the US presidential election in 2016, repeatedly led to power outages in Ukraine, and caused economic losses of hundreds of millions of dollars through malfunctioning ransomware. In all these cases the question of who was behind the attacks is not only relevant from a legal perspective, but also has a political and social dimension.

Attribution is the process of tracking and identifying the actors behind these cyber-attacks. Often it is considered an art, not a science.

This book systematically analyses how hackers operate, which mistakes they make, and which traces they leave behind. Using examples from real cases the author explains the analytic methods used to ascertain the origin of Advanced Persistent Threats.


Contents

Part I: Introduction (p. 2)
1 Advanced Persistent Threats (p. 3)
2 The Attribution Process (p. 22)

Part II: Attribution Methods (p. 51)
3 Analysis of Malware (p. 53)
4 Attack Infrastructure (p. 70)
5 Analysis of Control Servers (p. 87)
6 Geopolitical Analysis (p. 99)
7 Telemetry Data from Security Products (p. 121)
8 Methods of Intelligence Agencies (p. 131)
9 Doxing (p. 147)
10 False Flags (p. 153)
11 Group Set-Ups (p. 165)

Part III: Strategical Aspects (p. 171)
12 Communication (p. 172)
13 Ethics of Attribution (p. 185)
14 Conclusion and Outlook (p. 190)

A Glossary (p. 197)

About the author (2020)

Dr. Timo Steffens was involved in the analysis of many of the most spectacular cyber-espionage cases in Germany. He has been tracking the activities and techniques of sophisticated hacker groups for almost a decade.
