Cyber Fraud: Tactics, Techniques and Procedures, 1st Edition, by Rick Howard (ISBN 0367385740, 9780367385743)
Product details:
ISBN 10: 0367385740
ISBN 13: 9780367385743
Author: Rick Howard
Arguably one of the most important challenges of the 21st century, with millions lost each year, cyber crime has evolved from a minor nuisance to a major concern involving well-organized actors and highly sophisticated organizations. This volume explores the state of threats present in the cyber fraud underground. It discusses phishing/pharming, trojans/toolkits, direct threats, and pump-and-dump scams. By examining the operations of the cyber criminal, the book provides perspective into the general incentives, risks, and behavioral patterns of the fraudsters. Armed with this information, organizations and individuals are better able to develop countermeasures, craft tactics to disrupt the fraud underground, and secure their systems.
Table of Contents:
Part I: Underground Culture
Chapter 1 Emerging Economic Models for Software Vulnerability Research
Executive Summary
Introduction
Economic Vulnerability Models
Government
Internal Discovery
Contracted
Purchase of Externally Discovered Vulnerabilities
Open Market
Outsourced
Internal Discovery
Underground
Contracted
Purchase
Auction
Vendors
Compensation
No Compensation
Impact and Implications of Economic Models
Government
Open Market
Underground
Auction
Vendors
Conclusion
Chapter 2 Cyber Fraud: Principles, Trends, and Mitigation Techniques
Executive Summary
Cyber Fraud Model
Cyber Fraud Roles
Acquisition Techniques
Cashing Out
The Model Made Real: The Carding Underground in 2007
Obtaining Financial Information
Phishing
Network Intrusion
Trojan Horses
“Real-World” Theft
Buying/Selling Stolen Financial Information
Carding Forums
Dumps Vendors
Noncarding-Related Forums Used for Carding
Notable Carders
Average Prices for Stolen Data
Comparison to Data from 2004 to 2005
Money Mule Operations: Concealing the Crime
Background Information on Money Mule Operations
Increasingly Sophisticated E-Mails
Incorporation of “Rock Phish”-Style Tactics
The Hong Kong Connection
The Evolution of Cyber Fraud Techniques: Phishing and Pharming
Phishing
The Development of Phishing Techniques
Obfuscation Techniques
Fast-Flux Phishing Sites: Too Fast for Traditional Solutions
Pharming
How Pharming Works and How It Developed
Domain Name System (DNS) Spoofing
DNS Cache Poisoning
Voice-Over Internet Protocol (VoIP) Pharming
Drive-By Pharming
Implications
Mitigation
The Evolution of Cyber Fraud Techniques: Trojans and Toolkits
Keystroke Logging
Form Grabbing
Screenshots and Mouse-Event Capturing
Phishing and Pharming Trojans
Hypertext Markup Language (HTML) Injection
Protected Storage Retrieval
Certificate Stealing
The Evolution of Cyber Fraud Techniques: Direct Attacks
Insider Threats
Information Gain
Financial Gain
Database Timing Attacks
Laptop Theft: At Home and Abroad
The Evolution of Cyber Fraud Techniques: “Pump-and-Dump”
How “Pump-and-Dump” Stock Scams Work
Typical “Pump-and-Dump” Spam Activity Patterns
VeriSign iDefense Commentary on Operation Spamalot
Charging “Pump-and-Dump” Fraudsters
PDFs Used in “Pump-and-Dump” Spam, Malicious E-Cards on July 4, 2007
E-Trade “Pump-and-Dump” Scam
Conclusion
Chapter 3 The Cyber Threat Landscape in Russia
Executive Summary
Background
Foreign Politics of the Russian Federation
Domestic Politics of the Russian Federation
Ethnic Tensions within the Russian Federation
Economic Background
Macroeconomic Indicators
The Russian Information Technology Sector
Human Capital
Software
IT and Communications Services
Mobile Telephony
Internet Service Providers
Internet-Specific Technologies
Broadband
Wireless Internet
Internet Penetration and Use
The Role of Government
Restrictions on Online Content
The Threat Landscape of the Russian Federation
Motivation/Weltanschauung: Perceptions and Targets
The Positive Aspects of Russian Law Enforcement
Corruption
Corruption among Law Enforcement
Financially Motivated Crime
Piracy and Intellectual Property Infringement
Cyber Crime
Insider Threat
Financial Fraud
Phishing/Banking Trojans
A Shift to Malicious Code
Web Infections
ATM Fraud
Financial Market Manipulations
“Pump-and-Dump” Scams
Carding
Data Extortion
Distributed Denial of Service (DDoS) Attacks
Spam
Politically Motivated Use of Cyberspace
May 2007 Attacks on Estonia
The Russian Government: Sponsor of Politically Motivated Cyber Attacks?
Conclusion
Chapter 4 The Cyber Threat Landscape in Brazil
Executive Summary
Introduction
Economics and Business Environment
Corruption
Organized Crime
The Brazilian IT Sector
Deregulation and Privatization of IT in the 1990s
Internet Penetration and Use
E-Government
Human Capital and General Features of the IT Workforce
Regulatory Environment
Addressing Cyber Crime through an Antiquated Penal Code
Data and Public Information Systems
Upcoming Legislative Initiatives
Cyber Law Enforcement: Developed But Deeply Fractured
Federal Law Enforcement
State Law Enforcement
Police and the Financial Sector
Security Measures and Incident Handling in the Financial Sector
The Threat Landscape
Unique Features of the Brazilian Threat Environment
Banking Trojans
Intellectual Property Theft and Corporate Espionage
Taxonomy of Criminal Actors and Organizations
General Contours of Fraud Schemes
Connections to Organized Crime
International Connections
Conclusion
Chapter 5 The Russian Business Network: The Rise and Fall of a Criminal ISP
Executive Summary
Rumors and Gossip
Russian Business Network (RBN) as It Was
Organization and Structure
Affiliated Organizations
Closed Organizations
ValueDot
SBTtel
Credolink ISP, Online Invest Group, LLC
Akimon
Nevacon Ltd.
Delta Systems
Eexhost
Too Coin
4stat.org
The Chinese ISPs
Western Express
Organizations Still in Operation
Absolutee
MNS
PeterStar
Obit
Datapoint
Infobox
Luglink and Linkey
RBN Activities
RBN Domains
Rock Phish
Metafisher
Storm Worm
Torpig
Corpse’s Nuclear Grabber, OrderGun, and Haxdoor
Gozi
Paycheck_322082.zip
MCollect E-Mail Harvester
QuickTime Malicious Code and Google Adwords
Distributed Denial of Service Attacks
Pornography
The Official End of RBN
RBN under Pressure
Pressure from the Media
Configuration Changes and Dissolution
Chapter 6 Banking Trojans: An Overview
Executive Summary
Introduction
Stages of Attack
Distribution
Infection
Information Theft
Information Sale
Real-World Fraud
Techniques and Malicious Code Evolution
Keystroke Logging
Form Grabbing
Screenshots and Mouse Event Capturing
Phishing and Pharming Trojans
Hypertext Markup Language (HTML) Injection
Protected Storage Retrieval and Saved Password Retrieval
Certificate Stealing
Flash Cookie Stealing
Backdoor and Proxy Access
Most Common Banking Malicious Software in the Wild
Brazilian Banking Trojans
The Nanspy Banking Worm
Known Trojan Toolkits
Early Favorites
Pinch (Common Names: Pin, LDPinch)
A-311 Death and Nuclear Grabber (Common Name: Haxdoor)
Limbo (Common Name: NetHell)
Agent DQ (Common Names: Metafisher, Nurech, BZub, Cimuz, BankEm)
Apophis (Common Name: Nuklus)
VisualBreeze E-Banca/VisualBriz (Common Name: VBriz, Briz, Sters)
Snatch
Power Grabber
Zeus (Common Names: PRG, TCPWP, WSNPOEM)
Spear-Phished Information-Stealing Trojans
Banking Trojan Services
Service Trojan #1 (Common Names: Torpig, Sinowal, Anserin)
Service Trojan #2 (Common Names: OrderGun, Gozi, Ursnif, Snifula, Zlobotka)
Unknown Trojans
Unknown #1 (Common Names: Matryoshka, SilentBanker)
Unknown #2 (Common Names: BankPatch, Dutch Moon)
Unknown #3 (Common Name: Dotlnj)
More Unknowns
Command-and-Control (C&C) Servers and Drop Sites
Command-and-Control and Drop Site Server Types
HTTP/HTTPS
FTP
Internet Relay Chat (IRC)
Proprietary Servers
Peer-to-Peer Servers
Bulletproof Hosting
Fast-Flux Hosting
Tor “Hidden Services”
Minimizing Financial Impact
Server-Side Mitigation
Multifactor Authentication
Server Logging to Flag Trojan Victims
User Protection
Stored Passwords
Malicious Code Prevention
Malicious Code Removal
Credential Recovery
Attacking Defaults
Insecure FTP and Web Servers
Vulnerable C&C/Drop Site Scripts
Credential Processing
Future Trends
Conclusion
Chapter 7 Inside the World of Money Mules
Executive Summary
Introduction
Cyber Fronts: Where Mule Operations Begin
Recent Developments
Increasingly Sophisticated E-mails
Example of an E-mail Employment Solicitation for a Money Mule Position
Analysis
Incorporation of “Rock Phish”-Style Tactics
PhishTank.com Posting, from March 2007
The Hong Kong Connection
March 2007 Posting to Whitestar’s Mailing List
Conclusion
Part II: Underground Innovation
Chapter 8 IFrame Attacks — An Examination of the Business of IFrame Exploitation
Executive Summary
Introduction to IFrames
What Is an IFrame?
How Attackers Use IFrames
IFrame Attacks with Secure Socket Layers (SSLs)
IFrame Attacks versus Alternatives
Simple IFrame Attack Models
What the Attacks Look Like
How IFrames Are Distributed
Hacking Web Sites and Web Servers
Banner Advertisements
Worms and Viruses
What the IFrames Deliver
Vulnerabilities in Browser Software
Vulnerabilities in Other Software
Combining the Vulnerabilities for the One-Fits-All Attack
Postexploitation Activities: Where Criminals Make the Real Money
Simple IFrame Economics
IFrame-for-Hire Networks
The IFrame Stock Market
Monitoring Regionally Biased Attacks with IFrame Stalker
Stopping IFrame Attacks
Client System Mitigation
Server-Side Mitigation
Customer Mitigation
The Future of IFrame Attacks
Chapter 9 Distributed Denial of Service (DDoS) Attacks: Motivations and Methods
Executive Summary
Introduction
Definition
DDoS Types
Bandwidth Depletion Attacks
Direct Flood Attacks
Resource Depletion Attacks
Transmission Control Protocol (TCP) SYN Flood Attack
Recursive Hypertext Transfer Protocol (HTTP) Flood (Spidering)
PUSH and ACK Attacks
Land Attack
DDoS Tools
Motivations for Conducting DDoS Attacks
DDoS as Cyber Crime
Extortion
DDoS and Phishing Attacks
Business Rivalry
DDoS as Revenge
Propaganda — Hacktivism
Nationalism
Miscellaneous
Denial of Service (DoS) and Botnets
The DDoS Players
Bot Master
Stepping Stones
Handlers
Agents/Bots/Drones/Zombies
Creating a Botnet
Recruiting an Army — The Scanning Phase
Taking Control
Malicious Code Propagation
Propagation through a Central Repository
Back-Chaining Propagation
Autonomous Propagation
Controlling the Army
Recent Advancements in Botnet Control
Quantifying DDoS Attacks
Bandwidth
Number of Attacks
Financial Gain
DDoS Capabilities
AgoBot/PhatBot DDoS Commands
SdBot DDoS Commands
The Law
Conclusion
Chapter 10 The Torpig Trojan Exposed
The Torpig Group, Part 1: Exploit Server and Master Boot Record Rootkit
Executive Summary
Torpig Exploitation and Installation
Spreading the Exploits
Torpig Trojan and Master Boot Record Trojan (MaOS)
Analysis
The Torpig Trojan, Part 2: Banking Trojan Fully Integrates MBR Rootkit
Executive Summary
Chapter 11 The Laqma Trojan
Executive Summary
Background
File and Network Information
Toolkit Back-End
Current Targets
Mitigation and Analysis
A Deeper Look at the Laqma Banking Trojan (ID# 468080)
Executive Summary
Trojan Details
Laqma Loader — Command-and-Control Registration/Upgrade
Laqma Grabber — Deploying the User-Mode Rootkit
Laqma Grabber — Persistence and Configuration Timers
Laqma — Attack Dispatcher
Laqma — Attack Handlers
Chapter 12 Better Business Bureau (BBB): A Threat Analysis of Targeted Spear-Phishing Attacks
Executive Summary
Introduction
Attack Trends: February 2007 through May 2008
Spear-Phishing Examples
History of Spear-Phishing Attacks
Early Attacks
Modern Spear-Phishing Crimeware
Groups Using Spear-Phishing Tactics
Group Overview
Group A
Tactics
Money Mule Operations
Malicious Code Capabilities
Command-and-Control Scripts
Spam Kits
Network Architecture
Targets
Group B
Command-and-Control Script Evolution
Network Architecture
Peeper
Economic Impact of Attacks
Focus on High-Value Banking
Future Attack Techniques
Code Signing
High-Resolution Data Use
Targeting of Other High-Value Systems
Automation of Transactions
Mitigation
Education through Testing
Appendix A: Catalog of Attacks
Chapter 13 SilentBanker Unmuted: An In-Depth Examination of the SilentBanker Trojan Horse
Executive Summary
Introduction to SilentBanker
The SilentBanker Trojan Dropper
Enhanced Clash Resistance
Unpacking without a Trace
Hash-Based Applications Programming Interface (API) Resolution Table
API Hook Installation
Programming Oddities in Parent Determination
The Nefarious Browser-Only Thread
Extended Functionality (API Hook Intricacies)
Ws2_32.connect IP Replacement (a.k.a. DNS Hijack) Hook
InternetReadFile and HttpSendRequest Injection/Hijack Hooks
Wininet.CommitUrlCacheEntry Cookie Retrieval Hooks
Wininet.InternetErrorDlg Basic Auth and Proxy Capture Hook
Wininet.HttpOpenRequest Anti-Cache/Proxy Hooks
Wininet.HttpAddRequestHeader Acceptable Encoding Hooks
Ws2_32.send FTP and POP3 Credential Hook
Wininet.InternetQueryDataAvailable Buffer Resize Hook
Advapi32.Crypt[ImportKeyDeriveKeyGenkey] Hooks
Kernel32.ExitProcess Un-Hook Hook
Configuration File Manifest
Reverse Engineering the File-Encoding Algorithm
HTML Injection Domains and URL Substrings
Mitigation
Snort Signatures
HTML Injection Fields Posted to Server
Conclusion
Appendix A
Appendix B
Chapter 14 Preventing Malicious Code from “Phoning Home”
Executive Summary
Outbound Channel Methods
Utilizing Open Outbound Ports
Encryption
Unusual Data Encapsulation
Steganography
Mitigating Outbound Channels
Intrusion Detection and Prevention Systems (IDS/IPS)
Protocol Compliance
Endpoint Validation
Anomaly Detection
Traffic Normalization
Conclusion
Chapter 15 Mobile Malicious Code Trends
Executive Summary
Introduction to Mobile Communications
Causes for Growth
Smaller
Better
Cheaper
Mobile Phone Operating Systems
Bluetooth, Short Messaging Service (SMS), and Multimedia Messaging Service (MMS) for Mobile Communications
Bluetooth
Short Messaging Service
Multimedia Messaging Service
Development Platforms
Binary Runtime Environment for Wireless (BREW)
Java 2 Micro Edition (J2ME)
Python
Micro-Browser-Based
.NET Compact
Linux-Based Mobile Devices
The Rise of Mobile Malicious Code
Mobile Malicious Code Summary
Mobile Malicious Code Trend Analysis
Device Convergence
Personal Computer Integration
Best Security Practices for Mobile Malicious Codes
Conclusion
Sources
Epilogue