Stuxnet to Sunburst: 20 Years of Digital Exploitation and Cyberwarfare takes the reader on a journey from the terrorist attacks of 9/11 onwards and the massive insatiable appetite, focus and investment by the Five Eyes agencies, in particular the U.S., to build the capability of digital eavesdropping and industrial espionage. With tens of trillions of dollars moving throughout hundreds of thousands of staff, and many contractors draining the country of intelligence and technical capability, the quest was simple and the outcome horrifying. No one in the world has connected the dots, until now. From digital eavesdropping and manipulation of the agencies to Stuxnet, this book covers how the world's first use of digital code and digital certificates for offensive purposes against the Iranians and their nuclear power facilities, caused collateral damage. Proceeding to today's SolarWinds attack, code-named Sunburst, the same methods of exploitation and manipulation originally used by the agencies are now being used against companies and governments with devastating effects. The SolarWinds breach has caused knock-on breaches to thousands of client companies including the U.S. government and is estimated to cost more than one trillion dollars. The monster has truly been turned against its creator and due to the lack of security and defence, breaches are occurring daily at an alarming rate. The U.S. and UK governments have little to no answer. The book also contains a chapter on breaches within the COVID-19 sector from research to immunisation and the devastating December 2020 breach of SolarWinds.

In May 2021, Jim Gosler, known as the Godfather and commander of US agencies’ cyber offensive capability, said, ''Either the Intelligence Community (IC) would grow and adapt, or the Internet would eat us alive.'' Mr Gosler was speaking at his retirement only several months before the terrorist attacks of 9/11. He possibly did not realise the catalyst or the tsunami that he and his tens of thousands of US IC offensive website operatives had created and commenced. Over the last two decades, what Mr Gosler and his army of Internet keyboard warriors created would become the modus operandi for every faceless, nameless, state-sponsored or individual cybercriminal to replicate against an unwary, ill-protected, and ignorant group of executives and security professionals who knew little to nothing about the clandestine methods of infiltration and weaponisation of the Internet that the US and UK agencies led, all in the name of security. This book covers many cyber and ransomware attacks and events, including how we have gotten to the point of massive digital utilisation, particularly during the global lockdown and COVID-19 pandemic, to online spending that will see twice the monetary amount lost to cybercrime than what is spent online. There is little to no attribution, and with the IC themselves suffering cyberattacks, they are all blamed on being sophisticated ones, of course. We are witnessing the undermining of our entire way of life, our economies, and even our liberties. The IC has lots to answer for and unequivocally created the disastrous situation we are currently in. They currently have little to no answer. We need—no, we must demand—change. That change must start by ensuring the Internet and all connections to it are secure and no longer allow easy access and exfiltration for both the ICs and cybercriminals.

Cyberattacks are nothing particularly new to the world and Ukraine had suffered many such attacks by Russia over recent years. Russia had knowingly been exploiting Ukraine’s digital vulnerabilities as a proving ground for nearly a decade. Malware such as Sandworm and BlackEnergy had caused untold damage to the Ukrainian population and government previously, which allowed Russia to perfect cyberattacks for further, more global events. Russia had been planting cyber sleeper digital cells for years, especially in the US and the UK. Then, coincidently, the week after the Chinese Winter Olympic games had finished, Russia launched an all-out cyber offensive against 70 Ukrainian government websites. Owing to these being poorly—and insecurely—maintained, they toppled one by one, causing havoc and disruption to the Ukrainian government and to Ukraine’s critical infrastructure. As Q said in James Bond: ‘I can do more damage by breakfast sipping my Earl Grey tea with my keyboard than you ever can in the field.’ Sadly, Q was right, as we witness daily. The keyboard and mouse have indeed become mightier than the sword. The barrage of cyberattacks against Ukraine constitutes the first cyberwar by one nation against another. This attack crossed a very thin red line. That line had the hallmarks of a nation state, but had until now been confined to cyber criminal activities, immaterial of whom the perpetrators were. This, however, was now war. The cyberwar was simply a precursor, the softening of a country that would precede a kinetic war in which tens of thousands of people would lose their lives. This war was the first war for nearly 80 years that rang out deathly klaxons across Europe and the world. Digital Blood on Their Hands addresses the issues that the digital world has created, covering the culpability, causal links and even liabilities that go towards these war crime atrocities, often too frightening to believe and also too compelling to dismiss. It tells a side to the world’s first ever cyberwar that you would never otherwise see or possibly hear about.

The Oxford Handbook of Nuclear Security provides a comprehensive examination of efforts to secure sensitive nuclear assets and mitigate the risk of nuclear terrorism and other non-state actor threats. It aims to provide the reader with a holistic understanding of nuclear security through exploring its legal, political, and technical dimensions at the international, national, and organizational levels. Recognizing there is no one-size-fits-all approach to nuclear security, the book explores fundamental elements and concepts in practice through a number of case studies which showcase how and why national and organizational approaches have diverged. Although focused on critiquing past and current activities, unexplored yet crucial aspects of nuclear security are also considered, and how gaps in international efforts might be filled. Contributors to the handbook are drawn from a variety of different disciplinary backgrounds and experiences, to provide a wide range of perspectives on nuclear security issues and move beyond the Western narratives that have tended to dominate the debate.These include scholars from both developed and developing nuclear countries, as well as practitioners working in the field of nuclear security in an effort to bridge the gap between theory and practice.

Secure your business in a post-pandemic world: Master digital risk identification and defense Purchase of the print or Kindle book includes a free PDF eBook Key FeaturesBecome well-versed with sophisticated system-level security risks and the zero-trust frameworkLearn about remote working risks, modern collaboration, and securing the digital data estateKeep up with rapidly evolving compliances and regulations and their impact on cyber risksBook Description With the rapid pace of digital change today, especially since the pandemic sped up digital transformation and technologies, it has become more important than ever to be aware of the unknown risks and the landscape of digital threats. This book highlights various risks and shows how business-as-usual operations carried out by unaware or targeted workers can lead your organization to a regulatory or business risk, which can impact your organization's reputation and balance sheet. This book is your guide to identifying the topmost risks relevant to your business with a clear roadmap of when to start the risk mitigation process and what your next steps should be. With a focus on the new and emerging risks that remote-working companies are experiencing across diverse industries, you'll learn how to manage risks by taking advantage of zero trust network architecture and the steps to be taken when smart devices are compromised. Toward the end, you'll explore various types of AI-powered machines and be ready to make your business future-proof. In a nutshell, this book will direct you on how to identify and mitigate risks that the ever- advancing digital technology has unleashed. What you will learnBecome aware of and adopt the right approach to modern digital transformationExplore digital risks across companies of all sizesStudy real-world cases that focus on post-pandemic digital transformationUnderstand insider threats and how to mitigate vulnerability exploitationGet to know how cyberwarfare targets infrastructure and disrupts critical systemsDiscover how implementing a regulatory framework can safeguard you in the current and future data landscapesWho this book is for This book is for three categories of readers—those who own a business and are planning to scale it; those who are leading business and technology charters in large companies or institutions; and those who are academically or disciplinarily targeting cybersecurity and risk management as a practice-area. Essentially, this book is for board members, and professionals working in IT, GRC, and legal domains. It will also help technology leaders, including chief digital officers, chief privacy officers, chief risk officers, CISOs, CIOs, as well as students and cybersecurity enthusiasts with basic awareness of risks to navigate the digital threat landscape.

‘Insecure Digital Frontiers’ is an immersive exploration into the tumultuous realm of cybersecurity, where the ever-expanding digital frontiers are both the battleground and the prize. From the shadows of cybercriminal exploits to the sophisticated dance of advanced persistence threats, this book delves into the vulnerabilities that define our interconnected world. With a panoramic lens, it navigates through the challenges and opportunities that shape the global cybersecurity landscape, offering readers a comprehensive understanding of the insecurities that permeate our digital existence. ‘Insecure Digital Frontiers’ is not just a book; it is an exploration of the insecurities that define our digital age. It matters because it goes beyond the surface, unraveling the complexities of cyber threats while providing actionable insights for individuals, organizations, and policymakers. In a world where the digital frontier is both a promise and a peril, this book serves as a guide for navigating the insecurities that define our interconnected existence. Embark on this journey through the "Insecure Digital Frontiers" and discover the vulnerabilities that lurk in the shadows, the innovations that promise security, and the collective responsibility we share in securing our digital future.

Get up to speed on state-of-the-art malware with this first-ever guide to analyzing malicious Windows software designed to actively avoid detection and forensic tools. We’re all aware of Stuxnet, ShadowHammer, Sunburst, and similar attacks that use evasion to remain hidden while defending themselves from detection and analysis. Because advanced threats like these can adapt and, in some cases, self-destruct to evade detection, even the most seasoned investigators can use a little help with analysis now and then. Evasive Malware will introduce you to the evasion techniques used by today’s malicious software and show you how to defeat them. Following a crash course on using static and dynamic code analysis to uncover malware’s true intentions, you’ll learn how malware weaponizes context awareness to detect and skirt virtual machines and sandboxes, plus the various tricks it uses to thwart analysis tools. You’ll explore the world of anti-reversing, from anti-disassembly methods and debugging interference to covert code execution and misdirection tactics. You’ll also delve into defense evasion, from process injection and rootkits to fileless malware. Finally, you’ll dissect encoding, encryption, and the complexities of malware obfuscators and packers to uncover the evil within. You’ll learn how malware: Abuses legitimate components of Windows, like the Windows API and LOLBins, to run undetected Uses environmental quirks and context awareness, like CPU timing and hypervisor enumeration, to detect attempts at analysis Bypasses network and endpoint defenses using passive circumvention techniques, like obfuscation and mutation, and active techniques, like unhooking and tampering Detects debuggers and circumvents dynamic and static code analysis You’ll also find tips for building a malware analysis lab and tuning it to better counter anti-analysis techniques in malware. Whether you’re a frontline defender, a forensic analyst, a detection engineer, or a researcher, Evasive Malware will arm you with the knowledge and skills you need to outmaneuver the stealthiest of today’s cyber adversaries.