Stuxnet To Sunburst

Stuxnet to Sunburst: 20 Years of Digital Exploitation and Cyberwarfare takes the reader on a journey from the terrorist attacks of 9/11 onwards and the massive insatiable appetite, focus and investment by the Five Eyes agencies, in particular the U.S., to build the capability of digital eavesdropping and industrial espionage. With tens of trillions of dollars moving throughout hundreds of thousands of staff, and many contractors draining the country of intelligence and technical capability, the quest was simple and the outcome horrifying. No one in the world has connected the dots, until now. From digital eavesdropping and manipulation of the agencies to Stuxnet, this book covers how the world's first use of digital code and digital certificates for offensive purposes against the Iranians and their nuclear power facilities, caused collateral damage. Proceeding to today's SolarWinds attack, code-named Sunburst, the same methods of exploitation and manipulation originally used by the agencies are now being used against companies and governments with devastating effects. The SolarWinds breach has caused knock-on breaches to thousands of client companies including the U.S. government and is estimated to cost more than one trillion dollars. The monster has truly been turned against its creator and due to the lack of security and defence, breaches are occurring daily at an alarming rate. The U.S. and UK governments have little to no answer. The book also contains a chapter on breaches within the COVID-19 sector from research to immunisation and the devastating December 2020 breach of SolarWinds.

In May 2021, Jim Gosler, known as the Godfather and commander of US agencies’ cyber offensive capability, said, ''Either the Intelligence Community (IC) would grow and adapt, or the Internet would eat us alive.'' Mr Gosler was speaking at his retirement only several months before the terrorist attacks of 9/11. He possibly did not realise the catalyst or the tsunami that he and his tens of thousands of US IC offensive website operatives had created and commenced. Over the last two decades, what Mr Gosler and his army of Internet keyboard warriors created would become the modus operandi for every faceless, nameless, state-sponsored or individual cybercriminal to replicate against an unwary, ill-protected, and ignorant group of executives and security professionals who knew little to nothing about the clandestine methods of infiltration and weaponisation of the Internet that the US and UK agencies led, all in the name of security. This book covers many cyber and ransomware attacks and events, including how we have gotten to the point of massive digital utilisation, particularly during the global lockdown and COVID-19 pandemic, to online spending that will see twice the monetary amount lost to cybercrime than what is spent online. There is little to no attribution, and with the IC themselves suffering cyberattacks, they are all blamed on being sophisticated ones, of course. We are witnessing the undermining of our entire way of life, our economies, and even our liberties. The IC has lots to answer for and unequivocally created the disastrous situation we are currently in. They currently have little to no answer. We need—no, we must demand—change. That change must start by ensuring the Internet and all connections to it are secure and no longer allow easy access and exfiltration for both the ICs and cybercriminals.

Cyberattacks are nothing particularly new to the world and Ukraine had suffered many such attacks by Russia over recent years. Russia had knowingly been exploiting Ukraine’s digital vulnerabilities as a proving ground for nearly a decade. Malware such as Sandworm and BlackEnergy had caused untold damage to the Ukrainian population and government previously, which allowed Russia to perfect cyberattacks for further, more global events. Russia had been planting cyber sleeper digital cells for years, especially in the US and the UK. Then, coincidently, the week after the Chinese Winter Olympic games had finished, Russia launched an all-out cyber offensive against 70 Ukrainian government websites. Owing to these being poorly—and insecurely—maintained, they toppled one by one, causing havoc and disruption to the Ukrainian government and to Ukraine’s critical infrastructure. As Q said in James Bond: ‘I can do more damage by breakfast sipping my Earl Grey tea with my keyboard than you ever can in the field.’ Sadly, Q was right, as we witness daily. The keyboard and mouse have indeed become mightier than the sword. The barrage of cyberattacks against Ukraine constitutes the first cyberwar by one nation against another. This attack crossed a very thin red line. That line had the hallmarks of a nation state, but had until now been confined to cyber criminal activities, immaterial of whom the perpetrators were. This, however, was now war. The cyberwar was simply a precursor, the softening of a country that would precede a kinetic war in which tens of thousands of people would lose their lives. This war was the first war for nearly 80 years that rang out deathly klaxons across Europe and the world. Digital Blood on Their Hands addresses the issues that the digital world has created, covering the culpability, causal links and even liabilities that go towards these war crime atrocities, often too frightening to believe and also too compelling to dismiss. It tells a side to the world’s first ever cyberwar that you would never otherwise see or possibly hear about.

Secure your business in a post-pandemic world: Master digital risk identification and defense Purchase of the print or Kindle book includes a free PDF eBook Key FeaturesBecome well-versed with sophisticated system-level security risks and the zero-trust frameworkLearn about remote working risks, modern collaboration, and securing the digital data estateKeep up with rapidly evolving compliances and regulations and their impact on cyber risksBook Description With the rapid pace of digital change today, especially since the pandemic sped up digital transformation and technologies, it has become more important than ever to be aware of the unknown risks and the landscape of digital threats. This book highlights various risks and shows how business-as-usual operations carried out by unaware or targeted workers can lead your organization to a regulatory or business risk, which can impact your organization's reputation and balance sheet. This book is your guide to identifying the topmost risks relevant to your business with a clear roadmap of when to start the risk mitigation process and what your next steps should be. With a focus on the new and emerging risks that remote-working companies are experiencing across diverse industries, you'll learn how to manage risks by taking advantage of zero trust network architecture and the steps to be taken when smart devices are compromised. Toward the end, you'll explore various types of AI-powered machines and be ready to make your business future-proof. In a nutshell, this book will direct you on how to identify and mitigate risks that the ever- advancing digital technology has unleashed. What you will learnBecome aware of and adopt the right approach to modern digital transformationExplore digital risks across companies of all sizesStudy real-world cases that focus on post-pandemic digital transformationUnderstand insider threats and how to mitigate vulnerability exploitationGet to know how cyberwarfare targets infrastructure and disrupts critical systemsDiscover how implementing a regulatory framework can safeguard you in the current and future data landscapesWho this book is for This book is for three categories of readers—those who own a business and are planning to scale it; those who are leading business and technology charters in large companies or institutions; and those who are academically or disciplinarily targeting cybersecurity and risk management as a practice-area. Essentially, this book is for board members, and professionals working in IT, GRC, and legal domains. It will also help technology leaders, including chief digital officers, chief privacy officers, chief risk officers, CISOs, CIOs, as well as students and cybersecurity enthusiasts with basic awareness of risks to navigate the digital threat landscape.

This book explores the innovations, disruptions and changes that are required to adapt in a fast-evolving landscape due to the extraordinary circumstances triggered by the COVID-19 pandemic. Recognized experts from around the world share their research and professional experience on how the working environment, as well as the world around them, have changed due to the pandemic. Chapters consider how different fields across technology and business have been affected by this new, dramatic scenario and the drastic consequences that the pandemic had on them. With diverse contributions stemming from public health, technology strategies, urban planning and sociology to sustainable management, this volume is articulated into four distinct but complementary sections of People, Process, Planet, and Prosperity influencing the post-COVID world. This book will be of great interest to those in the fields of computer science and information technology, as well as those studying the impact and effects that COVID-19 is having on society.

Reimagine the future of the internet All our devices and gadgets—from our refrigerators to our home security systems, vacuum cleaners, and stereos—are going online, just like our computers did. But once we’ve successfully connected our devices to the internet, do we have any hope of keeping them, and ourselves, safe from the dangers that lurk beneath the digital waters? In If It’s Smart, It’s Vulnerable, veteran cybersecurity professional Mikko Hypponen delivers an eye-opening exploration of the best—and worst—things the internet has given us. From instant connectivity between any two points on the globe to organized ransomware gangs, the net truly has been a mixed blessing. In this book, the author explores the transformative potential of the future of the internet, as well as those things that threaten its continued existence: government surveillance, censorship, organized crime, and more. Readers will also find: Insightful discussions of how law enforcement and intelligence agencies operate on the internet Fulsome treatments of how money became data and the impact of the widespread use of mobile supercomputing technology Explorations of how the internet has changed the world, for better and for worse Engaging stories from Mikko's 30-year career in infosec Perfect for anyone seeking a thought-provoking presentation of some of the most pressing issues in cybersecurity and technology, If It’s Smart, It’s Vulnerable will also earn a place in the libraries of anyone interested in the future of the internet.

The United States faces major challenges in dealing with Iran, the threat of terrorism, and the tide of political instability in the Arabian Peninsula. The presence of some of the world’s largest reserves of oil and natural gas, vital shipping lanes, and Shia populations throughout the region have made the peninsula the focal point of US and Iranian strategic competition.

The only official, comprehensive reference guide to the CISSP Thoroughly updated for 2021 and beyond, this is the authoritative common body of knowledge (CBK) from (ISC)2 for information security professionals charged with designing, engineering, implementing, and managing the overall information security program to protect organizations from increasingly sophisticated attacks. Vendor neutral and backed by (ISC)2, the CISSP credential meets the stringent requirements of ISO/IEC Standard 17024. This CBK covers the current eight domains of CISSP with the necessary depth to apply them to the daily practice of information security. Revised and updated by a team of subject matter experts, this comprehensive reference covers all of the more than 300 CISSP objectives and sub-objectives in a structured format with: Common and good practices for each objective Common vocabulary and definitions References to widely accepted computing standards Highlights of successful approaches through case studies Whether you've earned your CISSP credential or are looking for a valuable resource to help advance your security career, this comprehensive guide offers everything you need to apply the knowledge of the most recognized body of influence in information security.