As the world struggles to slowly recover from the COVID-19 pandemic, protests and even riots are breaking out across America in response to George Floyd’s death in Minneapolis.
Meanwhile, cyberattack stories, which would normally be getting much more attention under different circumstances, are rarely even discussed on the local news or news channels like Fox and CNN.
And yet, the significant cyber stories continue to grow in the spring of 2020.
- CBS News: NSA warns of new cyberattacks by Russian military hackers
- NY Times: Israel Hack of Iran Port Is Latest Salvo in Exchange of Cyberattacks
- The Times of Israel: ‘Cyber winter is coming,’ warns Israel cyber chief after attack on water systems
Here’s a quote from the last article from Israel: “Rapid is not something that describes enough how fast and how crazy and hectic things are moving forward in cyberspace and I think we will remember this last month and May 2020 as a changing point in the history of modern cyber warfare,” he said in a video address to CybertechLive Asia, a digital international cyberconference.
When we add in the growing body of evidence related to increases in hacking, cyberattacks and data breaches during the COVID-19 global pandemic, which I have highlighted over the past few months, we see a pattern that is making the Internet less safe.
A Wider, Deeper Look at Cyber Warfare — Truth, Tactics, and Strategies
But I want to take a slightly different look at this topic in this blog, with a set of solutions offered by Dr. Chase Cunningham in his new book Cyber Warfare — Truth, Tactics and Strategies.
As background on the author, Cunningham is a retired Navy chief cryptologist with more than 20 years’ experience in cyber forensic and analytic operations.
In his current role, Cunningham primarily guides client initiatives related to security operations center (SOC) planning and optimization, counter-threat operations, encryption, network security, and strategic concepts and implementation. He helps senior technology executives with their plans to leverage comprehensive security controls and the use of a variety of standards, frameworks and tools to enable secure business operations. Cunningham focuses on integrating security into operations; leveraging advanced security solutions; empowering operations through artificial intelligence and machine learning; and planning for future growth within secure systems.
Previously, Cunningham served as a director of cyber threat intelligence operations at Armor. He was the computer network exploitation lead for Telecommunication Systems and the chief of cyber analytics for Decisive Analytics. Cunningham has past operations experience, stemming from time spent in work centers within the NSA, CIA, FBI and other government agencies. In those roles, he helped clients operationalize security controls; install and leverage encryption and analytic systems; and grow and optimize their security operations command systems and centers.
Cunningham holds a Ph.D. and M.S. in computer science from Colorado Technical University and a B.S. from American Military University focused on counterterrorism operations in cyberspace.
I like the practical aspects of this book. The topics covered include:
Chapter 1: A Brief History of Cyber Threats and the Emergence of the APT Designator — This chapter will dive into the real history of cyberthreats and their emergence in the space and provide some background on nation state APT designations.
Chapter 2: The Perimeter Is Dead — In this chapter, we’ll go through all the intricacies and details that prove that the perimeter-based model of security failed years ago.
Chapter 3: Emerging Tactics and Trends — What Is Coming? — This chapter will be a journey down the rabbit hole into the future of cyber warfare tools and tactics and will provide examples of the new trends in this ever-evolving space.
Chapter 4: Influence Attacks — Using Social Media Platforms for Malicious Purposes — In this chapter, we will cover the ways in which social media and influence can be weaponized for cyber warfare tactics.
Chapter 5: DeepFakes and AI/ML in Cyber Security — In this chapter, you will learn about the reality of artificial intelligence and machine learning in cybersecurity and delve into the practical applications of these often-misunderstood technologies.
Chapter 6: Advanced Campaigns in Cyber Warfare — In this chapter, we will get into the types of attack campaigns and their real-world implications.
Chapter 7: Strategic Planning for Future Cyber Warfare — In this chapter, we will break down the specifics around how to better plan for cyberwarfare and why strategy matters in digital combat.
Chapter 8: Cyber Warfare Strategic Innovations and Force Multipliers — This chapter is going to provide specific examples of what tools and technologies there are on the market that can help exponentially increase an organization’s defensive posture.
Chapter 9: Bracing for Impact — In this chapter, you will be offered examples of how to apply tooling, tactics and strategies to brace for the impact of a cyberattack and ways in which your organization can better respond when things go awry.
Chapter 10: Survivability in Cyber Warfare and Potential Impacts for Failure — In this chapter, we will cover essential ideas for defensive strategic planning and provide real-world examples of what may happen when cyberwarfare tactics go big.
Appendix: Major Cyber Incidents Throughout 2019 — A list of recent major cyberincidents throughout 2019, categorized by the class of attack, as presented in Chapter 6.
Favorite Parts of the Book
Here are a few of my favorite sections:
Chapter 2, on how the perimeter is dead in cybersecurity, along with the examples of sextortion and insider threats listed at the end of the chapter. A list of people who paid ransoms is being shared on the dark web. This section includes this excerpt:
“Nghia Hoang Pho of Ellicot City, Maryland, worked at the Tailored Access Operations unit within the NSA. Pho claimed during his trial that he was taking files home to “Work after hours and earn a promotion” but still he was able to steal (albeit unintentionally, he claims) the highly protected files because of the access and trust within the network that he was provided. It is thought that his home computer was the likely exfiltration point for the Shadow Brokers leaks of the NSA-level tools.”
The discussion of #Hashtag or ammunition in Chapter 4.
Chapter 5 on DeepFakes. In a section on page 127 on ReadFakes, the author describes how easy it is to learn and imitate Shakespeare to become Fakespeare. He writes: “Using scale and speed, the malicious actor could then work to generate very realistic text that mimics an author for a variety of potentially negative outputs. Fake blogs, reports, papers, or literally any other variance of text could be generated. Some even in real time, that could then be posted to try and manipulate an opinion or a user’s position on a topic.”
I also like Chapter 7 on strategic planning for future cyberwarfare. He makes the point that the environment determines what works, not the equipment. He also defines what an effective strategy looks like.
In Chapter 10, he covers “5 Laws of Cyberwarfare.” These include:
“Law 1” — Default means dead
“Law 2” — Think strategically, move tactically
“Law 3” — Details, details
“Law 4” — Kill the password
“Law 5” — Limit the blast radius
In the first case, Cunningham gives examples of how easy it is to hack computer systems with default settings. He provides diagrams and screenshots showing the results obtained in under five minutes.
Overall Book Review: 4.5 Stars
I like this book for many reasons, and it is not a difficult read for technology and security pros. At 309 pages, including the index, it is much thinner and less comprehensive (and less intimidating) than Cybersecurity — Attack and Defense Strategies, which I reviewed back in April from the same publisher.
Nevertheless, the practical stories and overall coverage of the cyberwarfare topic make this an excellent choice that you will get through much faster and for less money. You will also learn a lot.
If you are looking to get a deeper and wider understanding of what’s happening in the Internet world today regarding global cyberattacks, I would buy and read one of these two books.