Summary of Andy Greenberg's Sandworm
42 pages
English

Description

Please note: This is a companion version & not the original book.

Information

Publication date: March 23, 2022
EAN13: 9781669358411
Language: English
File size: 1 MB

Excerpt

Insights on Andy Greenberg's Sandworm
Contents: Insights from Chapter 1; Insights from Chapter 2; Insights from Chapter 3; Insights from Chapter 4; Insights from Chapter 5; Insights from Chapter 6
Insights from Chapter 1



#1

iSight Partners, a private intelligence firm, had a team that specialized in software vulnerability research. In 2014, they discovered a secret security flaw in Microsoft Office that allowed hackers to break out of the confines of the software application and begin to execute their own code on a target computer.

#2

iSight’s Ukrainian staff found the email, and Hultquist, the company’s loud and bearish army veteran, made a point of periodically shouting from his desk into the bull pen. He burst out of his office and into the room, briefing the room and assigning tasks to triage what would become one of the biggest finds in the small company’s history.

#3

The hackers had used the feature to carefully plant two chunks of data within the presentation. The first was loaded into a temporary folder on the target computer. The second took advantage of PowerPoint’s animation feature: when the presentation loaded that animation file, it would run an automated script that right-clicked on the first file and clicked install on the resulting drop-down menu, giving that code a foothold on the computer without tipping off its user.

#4

Zero days do have authors. When Erickson had first begun to pull apart the attack in his blacked-out workshop that morning, he hadn’t simply been studying some naturally occurring, inanimate puzzle. He was admiring the first hints of a remote, malevolent intelligence.

#5

Once the initial frenzy surrounding the zero day had died down, questions remained: Who had written the attack code? Whom were they targeting with it, and why? Those questions fell to Drew Robinson, a malware analyst at iSight.

#6

In late 2007, the security firm Arbor Networks counted more than thirty botnets built with BlackEnergy, mostly aiming their attacks at Russian websites. But on the spectrum of cyberattack sophistication, distributed denial-of-service attacks were largely crude and blunt.

#7

The use of BlackEnergy by these hackers was no longer for indiscriminate theft, but for precise spy operations.

#8

The BlackEnergy malware had a so-called campaign code that identified it as having come from the Ukrainian hackers. Robinson was able to decipher the malware’s configuration settings, which contained that campaign code, and he immediately recognized it from his private life as a science fiction nerd: arrakis02.

#9

Dune, a book by Frank Herbert, is set on the desert planet Arrakis. Arrakis is the planet where the Fremen, a tribe of people who can ride sandworms, live.

#10

Robinson began to match the Dune references in the malware samples he found to lure documents that seemed to be targeting specific victims. Some of the victims didn’t seem to fit the usual profile of Russian geopolitical espionage.

#11

iSight, the company that had uncovered the group, named them Sandworm. They had a simple name, but they needed a catchy one. They chose Bene Gesserit, a reference to a mystical order of women in the book Dune who possess near-magical powers of psychological manipulation.

#12

iSight’s discovery of a five-year-running, zero-day-equipped, Dune-themed Russian espionage campaign had rippled across the industry and the media. But two weeks later, another security researcher in Japan found a match for one of the IP addresses in Sandworm’s command-and-control servers, pointing to a server in Stockholm.

#13

ICS software is used for everything from the ventilators that circulate air in Peabody’s mines to the massive washing basins that scrub coal, to the generators that burn coal in power plants.

#14

Suddenly, the targets iSight had been investigating for cybercrime seemed to be engaged in nation-state level intelligence gathering.

#15

Hultquist, like many others in the cybersecurity field, had been anticipating cyberwar’s arrival: a new era that would apply hackers’ digital abilities to the older, more familiar worlds of war and terrorism.

#16

Hultquist, after his tour of duty, returned to the United States and finished college. He got a job teaching a course on psychological operations at Fort Dix in New Jersey, and later moved to one of the Information Sharing and Analysis Centers, or ISACs, that had been created around the country in the years after 9/11 to address possible terrorism threats.

#17

Hultquist’s team found that Sandworm was far more advanced than any other Russian cyber weapon, and could potentially be used to attack civilian infrastructure.

#18

Hultquist’s interest in Sandworm grew as he learned more about it. He began to bring it up constantly with iSight's analysts, with reporters, and with other members of the security industry.

#19

Sandworm’s identity was never revealed, but it was clear that the group had ties to Russia and global attack ambitions. Its activities received no attention from White House officials or the press.

#20

In October 2015, Yasinsky was working as the director of information security at StarLightMedia, Ukraine’s largest TV broadcasting conglomerate. Two of the company’s servers went off-line inexplicably, and it soon became clear that the machines had been wiped and infected with malware. Someone had planted a logic bomb at the heart of the company’s network.

#21

After the attack, Yasinsky was able to extract the malware’s code. He was shocked by the layers of obfuscation; the malware had evaded all antivirus scans. It had even impersonated an antivirus scanner itself, Microsoft’s Windows Defender.

#22

Oleksii Yasinsky, a Ukrainian boy, had a typical Soviet childhood. He spent hours painstakingly reading manuals he found at the local radio market, writing code in BASIC and later assembly, and filling the screen with pixel art depictions of wire-frame spaceships.

#23

When he was released from the army, Yasinsky went back to studying computer science at the Kiev Polytechnic Institute. He landed a job at Kyivstar, Ukraine’s largest telecom provider, and was trained to fight fraud and crime.

#24

In the late 2000s, Yasinsky began working on digital versions of the same cat-and-mouse game he had played with physical criminals. But instead of dealing with small criminal operations, he was now dealing with highly organized fraud operations.

#25

Ukraine has been invaded many times by foreign powers, and has long been dominated by its larger and more aggressive brother to the north, Russia.

#26

Ukraine’s history is one of dark chapters, as the country was dominated by Russia for much of the past century. The Soviet Union exploited Ukraine’s fertile black soil, and when food shortages resulted, it simply starved the country into submission.

#27

The Holodomor was the result of Soviet policies that restricted travel and food distribution, which led to the deaths of 13 percent of Ukraine’s population.

#28

Ukraine was split between those who supported the Nazis and those who fought in the Soviet Union, and even those who aided in the Holocaust were given a free pass by the Soviets. The Nazis rounded up 2.8 million Soviet citizens and shipped them to Germany to work in factories for slave wages.

#29

On April 25, 1986, a massive explosion occurred at the Chernobyl nuclear plant near the northern Ukrainian town of Pripyat, killing two engineers. For weeks after, Moscow-based state news agencies made no mention of the ongoing disaster.
