cybersecurity - Jason’s Feed

Books about cybercrime

A guardian article was recently published covering the top 10 cybercrime books. What they didn’t do is rank them with any third-party data. Below I’m putting those 10 books plus another with their goodreads rankings (0-5 being the best), to help me, and maybe you, choose the right book to start reading first.

Book	Rating
The Art of Deception: Controlling the Human Element of Security by Kevin Mitnick	3.76
People Like Her by Ellery Lloyd	3.37
The Blue Nowhere by Jeffery Deaver I read this years ago and it is still one of my favorite books!	4.10
Impostor Syndrome by Kathy Wang	3.29
Countdown to Zero Day: Stuxnet and the Launch of the World’s First Digital Weapon by Kim Zetter This is nonfiction and has over 6,000 reviews on goodreads. It looks like a great place to start.	4.16
Manipulated: Inside the Cyberwar to Hijack Elections and Distort the Truth by Theresa Payton	3.91
Little Brother by Cory Doctorow	3.93
Digital Fortress by Dan Brown	3.68
DarkMarket: How Hackers Became the New Mafia by Misha Glenny	3.78
Zoo City by Lauren Beukes	3.63
Inside Jobs: Why Insider Risk Is the Biggest Cyber Threat You Can’t Ignore by Joe Payne, Jadee Hanson, Mark Wojtasiak	3.88

Cybersecurity Articles | Week of October 24, 2022

TechCrunch, Inside TheTruthSpy, the Stalkerware network spying on thousands by Zach Whittaker (Oct 26) | A database containing about 360,000 unique android devices exposed.
TechCrunch, Hive Ransomware gang leaks data stolen during Tata Power cyberattack by Carly Page, Jagmeet Singh (Oct 25) | Tata Power, which serves more than 12 million customers through its distributors, confirmed on October 14 that it had been hit by a cyberattack.
Bleeping Computer, Medibank now says hackers accessed all its customers’ personal data by Tom Toulas (Oct 26) | All customers’ personal data and significant amounts of health claims data downloaded.
Bleeping Computer, Dutch police arrest hacker who breached healthcare software vendor by Tom Toulas (Oct 25) 19 year old hacker being held by police while they investigate him. 19!
CSO Online, Iran’s nuclear energy agency confirms email server hacked by Apurva Venkat (Oct 24) | Iranian hacking group Black Reward has claimed responsibility for a breach at the email server of the country’s Bushehr nuclear power plant, in support of nationwide protests over the death of a young woman in police custody.
Wall Street Journal, ‘Deepfakes’ of Celebrities Have Begun Appearing in Ads, With or Without Their Permission by Patrick Coffee (Oct 25) | Digital simulations of Elon Musk, Tom Cruise, Leo DiCaprio and others have shown up in ads, as the image-melding technology grows more popular and presents the marketing industry with new legal and ethical questions.
Dark Reading, Stress Is Driving Cybersecurity Professionals to Rethink Roles by Staff (Oct 24) Burnout has led one-third of cybersecurity staffers to consider changing jobs over the next two years, potentially further deepening the talent shortage, research shows..

Great Recent Articles

Nature: Why scientists are turning to Rust by Jeffrey M. Perkel (Dec 11, 2020)
- Why this is interesting. RUST is seen as more secure than other older programming languages.
The Trade Secrets Network: Struggles with Insider Risk Program Stakeholders by Stacey Champagne (Sep 9)
Bleeping Computer: Web browser app mode can be abused to make desktop phishing pages by Bill Toulas (Oct 3)
CSO Online: Lessons of the Sarah Palin e-mail hack by Roger A. Grimes (Sep 19, 2008)
- Dated, but an excellent example of just how easy it is to hack an poorly secured email password.

Verizon Data Breach Reports

Full disclosure I work for Verizon. Regardless of that fact, these are information packed reports that I found fascinating.

All reports – list of cool stuff to browse through.
Data Breach Investigations Report (DBIR) – THE report that analyzes the threat landscape. It tells the story of what is happening with data breaches across industries.
Insider Threat Report – This report very much like the DBIR, but focuses specifically on insider threats. An amazing resource to get better acquainted with that the issues are and what is happening in this world.

Star Trek & Cybersecurity

These two things together. Take my money!

Hacker’s Movie Guide: The Complete List of Hacker and Cybersecurity Movies by Steven C. Morgan, Connor S. Morgan

Insider Threats: Building a repository of past incidents

This came up when it was mentioned to me a data dictionary for insider threats. Coming from data governance I had only considered these being about databases, tables and columns, when this was more about building a library of information around past incidents so that information can be used to help with insider threats in the future, build models, etc.

Searching for information around this I ran into Sarah Miller’s (Software Engineering Institute, Carnegie Mellon University, CERT) presentation, titled Leveraging Insider Threat Incident Data and Information Sharing for Increased Organizational Resiliency, which is a great primer and lead me to further information.

Still learning here but there are a few things I need to do further research on:

Cyber Observable eXpression (CybOX): is a standardized language for encoding and communicating high-fidelity information about cyber observables.
Structured Threat Information eXpression (STIX) is a standardized XML programming language for conveying data about cybersecurity threats in a common language that can be easily understood by humans and security technologies.
Trusted Automated eXchange of Indicator Information (TAXII) is a protocol used to exchange cyber threat intelligence (CTI) over HTTPS.
OpenIOC

OpenIOC is an open framework, meant for sharing threat intelligence information in a machine-readable format. It was developed by the American cybersecurity firm MANDIANT in November 2011. It is written in eXtensible Markup Language (XML) and can be easily customized for additional intelligence so that incident responders can translate their knowledge into a standard format. Organizations can leverage this format to share threat-related latest Indicators of Compromise (IoCs) with other organizations, enabling real-time protection against the latest threats.
https://cyware.com/educational-guides/cyber-threat-intelligence/what-is-open-indicators-of-compromise-openioc-framework-ed9d

OpenIOC is about sharing information. In some cases I think it would be beneficial to store this information privately if it contains sensitive information to particular breaches that happened to your organization, that you may not want to publicize, but still use for anticipating future incidents in your organization. While sharing outside the organization is ideal, some information must of course be held back.

The others listed above seem to be all protocols or language/syntax to convey this information and not actual tools of databases containing libraries of incidents.

ITMG Insider Threat Cases – A library of public incidents.
NAVIGATING THE INSIDER THREAT TOOL LANDSCAPE: LOW COST TECHNICAL SOLUTIONS TO JUMP-START AN INSIDER THREAT PROGRAM – Another great document from Software Engineering Institute, Carnegie Mellon University, but I’m not sure it exactly answers my question.

Next step, further research, especially Splunk.

Homomorphic Encryption

This is the best video I could find on the subject and I’m still not sure I really get it. But it seems complicated so I don’t feel that bad. I’ll post more as I learn more.

Hacking Google

Watch 6 amazingly well produced youtube videos about cybersecurity and how Google does cybersecurity. Absolutely fascinating and worth the time! Loved this series and wish there was more! Playlist link.

What is the Dark Web?

The dark web is a part of the internet that isn’t indexed by search engines. Basically if you can find a site on google, you are not on the dark web. So, if google doesn’t index it then how do you find it?

Navigating the dark web requires the a browser called Tor. Tor routes your data through many different proxies, hiding your IP. However, because it is doing all this with every request is slows down your experience on the web greatly.

What is the difference between the Dark Web and the Deep Web?

Deep web refers to anything on the internet that is not indexed by and, therefore, accessible via a search engine like Google. Deep web content includes anything behind a paywall or requires sign-in credentials. It also includes any content that its owners have blocked web crawlers from indexing. CSO Online

The dark web is where bad guys buy and sell your stolen identity information for example. Check out the linked CSO Online article above for more great information.