معرفی کتاب «Cyber fraud : tactics, techniques, and procedures» نوشتهٔ James Graham; Rick Howard; Ralph Thomas; Steve Winterfeld; Kellie Bryan، منتشرشده توسط نشر Auerbach Publications در سال 2009. این کتاب در فرمت pdf، زبان انگلیسی ارائه شده است.
With millions lost each year, cyber crime has evolved from a minor nuisance to a major concern involving well-organized actors and highly sophisticated organizations. Combining the best of investigative journalism and technical analysis, Cyber Fraud: Tactics, Techniques, and Procedures documents changes in the culture of cyber criminals and explores the innovations that are the result of those changes. The book uses the term Botnet as a metaphor for the evolving changes represented by this underground economy. Copiously illustrated, this engaging and engrossing book explores the state of threats present in the cyber fraud underground. It discusses phishing and pharming, trojans and toolkits, direct threats, pump-and-dump scams, and other fraud-related activities of the booming cyber-underground economy. By examining the geopolitical and socio-economic foundations of a cyber threat landscape, the book specifically examines telecommunications infrastructure development, patterns and trends of internet adoption and use, profiles of specific malicious actors, threat types, and trends in these areas. This eye-opening work includes a variety of case studies ― including the cyber threat landscape in Russia and Brazil. An in-depth discussion is provided on the Russian Business Network’s (RBN) role in global cyber crime as well as new evidence on how these criminals steal, package, buy, sell, and profit from the personal financial information of consumers. Armed with this invaluable information, organizations and individuals will be better able to secure their systems and develop countermeasures to disrupt underground fraud. 9781420091274......Page 1 CYBER FRAUD: Tactics, Techniques, and Procedures......Page 3 Contents......Page 5 Introduction......Page 17 Part I: Underground Culture......Page 21 Introduction......Page 22 Government......Page 23 Purchase of Externally Discovered Vulnerabilities......Page 24 Outsourced......Page 25 Internal Discovery......Page 28 Contracted......Page 30 Purchase......Page 31 Vendors......Page 32 Compensation......Page 33 Open Market......Page 34 Underground......Page 35 Vendors......Page 36 Conclusion......Page 37 Executive Summary......Page 39 Cyber Fraud Roles......Page 40 Cashing Out......Page 41 The Model Made Real: The Carding Underground in 2007......Page 43 “Real-World” Theft......Page 45 Carding Forums......Page 46 Dumps Vendors......Page 48 Noncarding-Related Forums Used for Carding......Page 49 Iceman/Digits......Page 50 Dron......Page 51 Comparison to Data from 2004 to 2005......Page 52 Background Information on Money Mule Operations......Page 53 Increasingly Sophisticated E-Mails......Page 54 Incorporation of “Rock Phish”-–Style Tactics......Page 56 The Hong Kong Connection......Page 57 The Evolution of Cyber Fraud techniques: Phishing and Pharming......Page 61 Phishing......Page 62 Obfuscation Techniques......Page 63 Fast-Flux Phishing Sites: Too Fast for Traditional Solutions......Page 64 How Pharming Works and How It Developed......Page 65 Drive-By Pharming......Page 66 Implications......Page 67 Mitigation......Page 69 Keystroke Logging......Page 70 Phishing and Pharming Trojans......Page 71 Certificate Stealing......Page 72 Insider Threats......Page 73 Financial Gain......Page 74 Database Timing Attacks......Page 75 Laptop Theft: At Home and Abroad......Page 76 The Evolution of Cyber Fraud Techniques: “Pump-and-dump”......Page 77 How “Pump-and-Dump” Stock Scams Work......Page 78 Typical “Pump-and-Dump” Spam Activity Patterns......Page 79 Charging “Pump-and-Dump” Fraudsters......Page 80 PDFs Used in “Pump-and-Dump” Spam, Malicious E-Cards on July 4, 2007......Page 81 E-Trade “Pump-and-Dump” Scam......Page 84 Conclusion......Page 85 Executive Summary......Page 87 Foreign Politics of the Russian Federation......Page 88 Domestic Politics of the Russian Federation......Page 94 Ethnic Tensions within the Russian Federation......Page 95 Economic Background......Page 102 The Russian Information Technology Sector......Page 103 Human Capital......Page 104 Software......Page 105 Mobile Telephony......Page 106 Internet Service Providers......Page 107 Internet Penetration and Use......Page 108 The Role of Government......Page 109 Restrictions on Online Content......Page 110 Motivation/Weltanschauung: Perceptions and Targets......Page 111 The Positive Aspects of Russian Law Enforcement......Page 115 Corruption......Page 116 Corruption among Law Enforcement......Page 118 Piracy and Intellectual Property Infringement......Page 119 Insider Threat......Page 124 Financial Fraud......Page 125 Phishing/Banking Trojans......Page 126 A Shift to Malicious Code......Page 130 Web Infections......Page 131 “Pump-and-Dump” Scams......Page 133 Carding......Page 134 Distributed Denial of Service (DDoS) Attacks......Page 136 Spam......Page 139 Politically Motivated Use of Cyberspace......Page 141 May 2007 Attacks on Estonia......Page 142 The Russian Government: Sponsor of Politically Motivated Cyber attacks?......Page 145 Conclusion......Page 150 Executive Summary......Page 152 Introduction......Page 153 Economics and Business Environment......Page 154 Organized Crime......Page 155 Deregulation and Privatization of IT in the 1990s......Page 157 Internet Penetration and Use......Page 158 E-Government......Page 159 Human Capital and General Features of the IT Workforce......Page 160 Data and Public Information Systems......Page 161 Upcoming Legislative Initiatives......Page 162 Federal Law Enforcement......Page 164 State Law Enforcement......Page 165 Police and the Financial Sector......Page 167 Security Measures and Incident Handling in the Financial Sector......Page 168 Unique Features of the Brazilian Threat Environment......Page 170 Banking Trojans......Page 172 Intellectual Property Theft and Corporate Espionage......Page 176 Taxonomy of Criminal Actors and Organizations......Page 179 General Contours of Fraud Schemes......Page 180 International Connections......Page 183 Conclusion......Page 185 Executive Summary......Page 188 Rumors and Gossip......Page 189 Organization and Structure......Page 190 Affiliated Organizations......Page 192 SBTtel......Page 193 Akimon......Page 195 Nevacon Ltd.......Page 196 Eexhost......Page 197 Too Coin......Page 198 Western Express......Page 200 Absolutee......Page 201 MNS......Page 202 Infobox......Page 203 RBN Domains......Page 206 Rock Phish......Page 207 Metafisher......Page 209 IFrameCash......Page 210 Corpse’s Nuclear Grabber, OrderGun, and Haxdoor......Page 212 Gozi......Page 214 Paycheck_322082.zip......Page 215 MCollect E-Mail Harvester......Page 216 QuickTime Malicious Code and Google Adwords......Page 217 Pornography......Page 218 Pressure from the Media......Page 219 Configuration Changes and Dissolution......Page 220 Executive Summary......Page 225 Stages of Attack......Page 226 Infection......Page 227 Information Theft......Page 228 Techniques and Malicious Code Evolution......Page 229 Screenshots and Mouse Event Capturing......Page 230 Hypertext Markup Language (HTML) Injection......Page 231 Flash Cookie Stealing......Page 232 Brazilian Banking Trojans......Page 233 Pinch (Common Names: Pin, LDPinch)......Page 234 A-311 Death and Nuclear Grabber (Common Name: Haxdoor)......Page 235 Limbo (Common Name: NetHell)......Page 237 Agent DQ (Common Names: Metafisher, Nurech, BZub, Cimuz, BankEm)......Page 241 Apophis (Common Name: Nuklus)......Page 246 VisualBreeze E-Banca/VisualBriz (Common Name: VBriz, Briz, Sters)......Page 249 Snatch......Page 251 Power Grabber......Page 255 Zeus (Common Names: PRG, TCPWP, WSNPOEM)......Page 256 Spear-Phished Information-Stealing Trojans......Page 257 Service Trojan #1 (Common Names: Torpig, Sinowal, Anserin)......Page 258 Service Trojan #2 (Common Names: OrderGun, Gozi, Ursnif, Snifula, Zlobotka)......Page 259 Unknown #3 (Common Name: DotInj)......Page 262 More Unknowns......Page 263 Command-and-Control (C&C) Servers and Drop Sites......Page 264 FTP......Page 265 Bulletproof Hosting......Page 266 Fast-Flux Hosting......Page 267 Minimizing Financial Impact......Page 268 Server Logging to Flag Trojan Victims......Page 269 Stored Passwords......Page 270 Attacking Defaults......Page 271 Credential Processing......Page 272 Conclusion......Page 273 Introduction......Page 275 Increasingly Sophisticated E-mails......Page 276 Example of an E-mail Employment Solicitation for a Money Mule Position......Page 278 Incorporation of “Rock Phish”-Style Tactics......Page 279 March 2007 Posting to Whitestar’s Mailing List......Page 280 Conclusion......Page 294 Part II: Underground InnovatIon......Page 295 Executive Summary......Page 296 What Is an IFrame?......Page 297 How Attackers Use IFrames......Page 298 IFrame Attacks with Secure Socket Layers (SSLs)......Page 299 What the Attacks Look Like......Page 300 Hacking Web Sites and Web Servers......Page 303 Worms and Viruses......Page 304 Postexploitation Activities: Where Criminals Make the Real Money......Page 305 Simple IFrame Economics......Page 307 IFrame-for-Hire Networks......Page 308 The IFrame Stock Market......Page 309 Stopping IFrame Attacks......Page 313 Customer Mitigation......Page 315 The Future of IFrame Attacks......Page 316 Executive Summary......Page 318 Ping Flood Attacks......Page 319 Smurf and Fraggle Reflection Attacks......Page 320 Domain Name System (DNS) Reflection Attacks......Page 321 Resource Depletion Attacks......Page 322 Land Attack......Page 323 Motivations for Conducting DDoS Attacks......Page 325 Extortion......Page 326 DDoS and Phishing Attacks......Page 327 Operation Cyberslam......Page 328 DDoS as Revenge......Page 329 Miscellaneous......Page 330 Denial of Service (doS) and Botnets......Page 331 Bot Master......Page 333 Recruiting an Army — The Scanning Phase......Page 334 Propagation through a Central Repository......Page 335 Controlling the Army......Page 336 Recent Advancements in Botnet Control......Page 337 Number of Attacks......Page 338 Financial Gain......Page 339 AgoBot/PhatBot DDoS Commands......Page 341 Conclusion......Page 342 Torpig Exploitation and Installation......Page 343 Spreading the Exploits......Page 346 Analysis......Page 347 Executive Summary......Page 348 Background......Page 363 File and Network Information......Page 364 Toolkit Back-End......Page 365 Mitigation and Analysis......Page 368 Trojan Details......Page 369 Laqma Loader — Command-and-Control Registration/Upgrade......Page 372 Laqma Grabber — Deploying the User-Mode Rootkit......Page 374 Laqma Grabber — Persistence and Configuration Timers......Page 376 Laqma — Attack Dispatcher......Page 378 Laqma — Attack Handlers......Page 380 Executive Summary......Page 382 Introduction......Page 383 Attack Trends: February 2007 through May 2008......Page 384 Spear-Phishing Examples......Page 386 History of Spear-Phishing Attacks......Page 388 Group A......Page 389 Group A Phishing Attacks......Page 390 Money Mule Operations......Page 392 Apache Kit......Page 393 Current Code......Page 395 Command-and-Control Scripts......Page 397 Commands......Page 398 Database Layout......Page 399 Changes, Future Direction, and Group Activity......Page 400 Network Architecture......Page 401 Targeted Malicious Code Attacks on Job Seekers......Page 403 Detection......Page 405 Available Hypertext Transfer Protocol (HTTP) Commands......Page 407 MySQL Database and PHP Interface......Page 408 Changes in the Newest Versions......Page 411 Peeper......Page 412 Focus on High-Value Banking......Page 413 High-Resolution Data Use......Page 414 Automation of Transactions......Page 415 Education through Testing......Page 416 Appendix A: Catalog of Attacks......Page 417 Executive Summary......Page 420 The SilentBanker Trojan Dropper......Page 421 Enhanced Clash Resistance......Page 422 Unpacking without a Trace......Page 423 Hash-Based Applications Programming Interface (API) Resolution Table......Page 424 API Hook Installation......Page 425 The Nefarious Browser-Only Thread......Page 428 Ws2_32.connect IP Replacement (a.k.a. DNS Hijack) Hook......Page 430 InternetReadFile and HttpSendRequest Injection/Hijack Hooks......Page 431 Wininet.CommitUrlCacheEntry Cookie Retrieval Hooks......Page 434 Wininet.InternetErrorDlg Basic Auth and Proxy Capture Hook......Page 436 Wininet.HttpAddRequestHeader Acceptable Encoding Hooks......Page 438 Wininet.InternetQueryDataAvailable Buffer Resize Hook......Page 439 Reverse Engineering the File-Encoding Algorithm......Page 440 Snort Signatures......Page 443 HTML Injection Fields Posted to Server......Page 444 Conclusion......Page 445 Appendix A......Page 446 Appendix B......Page 449 Outbound Channel Methods......Page 459 Encryption......Page 460 Steganography......Page 461 Intrusion Detection and Prevention Systems (IDS/IPS)......Page 462 Anomaly Detection......Page 463 Traffic Normalization......Page 464 Conclusion......Page 465 Executive Summary......Page 466 Better......Page 467 Mobile Phone Operating Systems......Page 468 Multimedia Messaging Service......Page 469 Micro-Browser-Based......Page 470 The Rise of Mobile Malicious Code......Page 471 Mobile Malicious Code Trend Analysis......Page 473 Best Security Practices for Mobile Malicious Codes......Page 474 Sources......Page 475 Epilogue......Page 476
With millions lost each year, cyber crime has evolved from a minor nuisance to a major concern involving well-organized actors and highly sophisticated organizations. Combining the best of investigative journalism and technical analysis, Cyber Fraud: Tactics, Techniques, and Procedures documents changes in the culture of cyber criminals and explores the innovations that are the result of those changes. The book uses the term Botnet as a metaphor for the evolving changes represented by this underground economy.
Copiously illustrated, this engaging and engrossing book explores the state of threats present in the cyber fraud underground. It discusses phishing and pharming, trojans and toolkits, direct threats, pump-and-dump scams, and other fraud-related activities of the booming cyber-underground economy. By examining the geopolitical and socio-economic foundations of a cyber threat landscape, the book specifically examines telecommunications infrastructure development, patterns and trends of internet adoption and use, profiles of specific malicious actors, threat types, and trends in these areas.
This eye-opening work includes a variety of case studies including the cyber threat landscape in Russia and Brazil. An in-depth discussion is provided on the Russian Business Network’s (RBN) role in global cyber crime as well as new evidence on how these criminals steal, package, buy, sell, and profit from the personal financial information of consumers. Armed with this invaluable information, organizations and individuals will be better able to secure their systems and develop countermeasures to disrupt underground fraud.
With millions lost each year, cyber crime has evolved from a minor nuisance to a major concern involving well-organized actors and highly sophisticated organizations. Arguably one of the most important challenges of the 21st century, with millions lost each year, cyber crime has evolved from a minor nuisance to a major concern involving well-organized actors and highly sophisticated organizations. This volume explores the state of threats present in the cyber fraud underground. It discusses phishing/pharming, trojans/toolkits, direct threats, and pump-and-dump scams. By examining the operations of the cyber criminal, the book provides perspective into the general incentives, risks, and behavioral patterns of the fraudsters. Armed with this information, organizations and individuals are better able to develop countermeasures and crafting tactics to disrupt the fraud underground and secure their systems.