Attribution of advanced persistent threats : how to identify the actors behind cyber-espionage /
Main Author: | Steffens, Timo |
---|---|
Corporate Author: | ProQuest (Firm) |
Format: | Electronic eBook |
Language: | English German |
Published: | Berlin, Germany : Springer Vieweg, [2020] |
Subjects: | Cyber intelligence (Computer security) |
Online Access: | Connect to this title online (unlimited simultaneous users allowed; 325 uses per year) |
MARC
LEADER | 00000nam a2200000Ii 4500 | ||
---|---|---|---|
001 | b3824350 | ||
003 | CStclU | ||
005 | 20201213142340.3 | ||
006 | m o d | ||
007 | cr cnu---unuuu | ||
008 | 200730s2020 gw ob 001 0 eng d | ||
020 | |a 9783662613139 |q (electronic bk.) | ||
020 | |a 3662613131 |q (electronic bk.) | ||
020 | |z 3662613123 | ||
020 | |z 9783662613122 | ||
024 | 7 | |a 10.1007/978-3-662-61313-9 |2 doi | |
035 | |a (NhCcYBP)ebc6272272 | ||
037 | |a com.springer.onix.9783662613139 |b Springer Nature | ||
040 | |a NhCcYBP |c NhCcYBP | ||
041 | 1 | |a eng |h ger | |
050 | 4 | |a QA76.9.A25 |b S74 2020 | |
082 | 0 | 4 | |a 005.8 |2 23 |
100 | 1 | |a Steffens, Timo, |e author. | |
245 | 1 | 0 | |a Attribution of advanced persistent threats : |b how to identify the actors behind cyber-espionage / |c Timo Steffens. |
264 | 1 | |a Berlin, Germany : |b Springer Vieweg, |c [2020] | |
300 | |a 1 online resource ( xiv, 201 pages) | ||
336 | |a text |b txt |2 rdacontent | ||
337 | |a computer |b c |2 rdamedia | ||
338 | |a online resource |b cr |2 rdacarrier | ||
504 | |a Includes bibliographical references and index. | ||
505 | 0 | 0 | |a Machine generated contents note: |g 1. |t Advanced Persistent Threats -- |g 1.1. |t Advanced Persistent Threats -- |g 1.2. |t Phases of Attacks by APTs -- |g 1.3. |t Reconnaissance -- |g 1.4. |t Delivery -- |g 1.5. |t Installation -- |g 1.6. |t Lateral Movement -- |g 1.7. |t Exfiltration -- |g 1.8. |t Erase Evidence -- |t References -- |g 2. |t Attribution Process -- |g 2.1. |t Why Attribution at All? -- |g 2.2. |t Terminology for Describing Cyber-Attacks and Actors -- |g 2.3. |t Levels of Attribution -- |g 2.4. |t Attribution Phases -- |g 2.5. |t Premises Used for Attribution -- |g 2.6. |t MICTIC Framework -- |t References -- |g 3. |t Analysis of Malware -- |g 3.1. |t Attacker Perspective: Development of Malware -- |g 3.2. |t Sources for Analysts -- |g 3.3. |t Evidence from the Development Environment -- |g 3.4. |t Analysis of Functionality -- |g 3.5. |t Overview of Relevant Information Types -- |t References -- |g 4. |t Attack Infrastructure -- |g 4.1. |t Attacker Perspective: Managing the Control Server Infrastructure -- |g 4.2. |t Public Information and Tools -- |g 4.3. |t Active Scanning -- |g 4.4. |t Overview of Relevant Information Types -- |t References -- |g 5. |t Analysis of Control Servers -- |g 5.1. |t Attacker Perspective: Using Control Servers -- |g 5.2. |t Network Traffic -- |g 5.3. |t Hard Disks -- |g 5.4. |t Overview of Relevant Information Types -- |t References -- |g 6. |t Geopolitical Analysis -- |g 6.1. |t Attacker Perspective: Tasking -- |g 6.2. |t Domestic and International Conflicts -- |g 6.3. |t Economic Interests -- |g 6.4. |t Analysis of Organizations' Roles and Missions -- |g 6.5. |t Analysis of Organizational Structures -- |g 6.6. |t Overview of Relevant Information Types -- |t References -- |g 7. |t Telemetry-Data from Security Products -- |g 7.1. |t Attacker Perspective: Awareness of Telemetry -- |g 7.2. |t Types of Telemetry Data -- |g 7.3. |t Use-Cases for Telemetry Data -- |g 7.4. |t Overview of Relevant Information Types -- |t References -- |g 8. |t Methods of Intelligence Agencies -- |g 8.1. |t Attacker Perspective: Countering Counter-Intelligence -- |g 8.2. |t OSINT-Open Source Intelligence -- |g 8.3. |t General Signals Intelligence-SIGINT -- |g 8.4. |t SIGINT About Cyber-Activity -- |g 8.5. |t HUMINT-Human Intelligence -- |g 8.6. |t Offensive Cyber-Operations-Hacking Back -- |g 8.7. |t Requests to Providers -- |g 8.8. |t Organizations Conducting Attribution -- |g 8.9. |t Overview of Relevant Information Types -- |t References -- |g 9. |t Doxing -- |g 9.1. |t Attacker Perspective: The Online Identity -- |g 9.2. |t Researching Persons Online -- |t References -- |g 10. |t False Flags -- |g 10.1. |t Attacker Perspective: Planting False Flags -- |g 10.2. |t Analyzing False Flags -- |t References -- |g 11. |t Group Set-Ups -- |g 11.1. |t Pattern-Based Approach -- |g 11.2. |t Group Templates Based on MICTIC Aspects -- |g 11.3. |t Group Templates Based on Killchain Phases -- |t References -- |g 12. |t Communication -- |g 12.1. |t Audience and Purpose -- |g 12.2. |t Presentation of Results -- |g 12.3. |t Reaction to Disclosure -- |t References -- |g 13. |t Ethics of Attribution -- |g 13.1. |t Neutrality -- |g 13.2. |t Consequences of Attribution -- |g 13.3. |t Outing Individuals -- |g 13.4. |t Possibility of Mistakes -- |t References -- |g 14. |t Conclusion and Outlook -- |g 14.1. |t Attribution as a Process -- |g 14.2. |t Outlook -- |t Reference. |
533 | |a Electronic reproduction. |b Ann Arbor, MI |n Available via World Wide Web. | ||
588 | |a Description based on online resource; title from digital title page (viewed on August 18, 2020). | ||
650 | 0 | |a Cyber intelligence (Computer security) | |
710 | 2 | |a ProQuest (Firm) | |
776 | 0 | 8 | |c Original |z 3662613123 |z 9783662613122 |
856 | 4 | 0 | |u https://ebookcentral.proquest.com/lib/santaclara/detail.action?docID=6272272 |z Connect to this title online (unlimited simultaneous users allowed; 325 uses per year) |t 0 |
907 | |a .b38243507 |b 211018 |c 211018 | ||
998 | |a uww |b |c m |d z |e l |f eng |g gw |h 0 | ||
917 | |a GOBI ProQuest DDA | ||
919 | |a .ulebk |b 2020-07-09 | ||
999 | f | f | |i 6e4dc9e6-729e-5660-8dfd-3feea291b7a7 |s aff164f9-c1bb-567f-b1e2-a47143a5aba4 |t 0 |