Log In
Or create an account ->
Imperial Library
Home
About
News
Upload
Forum
Help
Login/SignUp
Index
Title Page
Copyright and Credits
Hands-On Cybersecurity for Finance
Dedication
About Packt
Why subscribe?
Packt.com
Foreword
Contributors
About the authors
About the reviewers
Packt is searching for authors like you
Preface
Who this book is for
What this book covers
To get the most out of this book
Download the color images
Conventions used
Get in touch
Reviews
Disclaimer
Introduction to Cybersecurity and the Economy
What is cybersecurity – a brief technical description?
People
Processes
Technology
The scope of cybersecurity
Critical infrastructure security
Network security
Cloud security
Application/system security
User security
Internet of Things security
Terminologies
General description of hacking groups and cyber espionage
Hacking groups
Cyber espionage
Cybersecurity objectives
Importance of cybersecurity and its impacts on the global economy
The number of cyber attacks is growing
Cyber attacks are getting worse
Impacts on the global economy
Estimation of financial losses related to cybercrime
Finance and cybersecurity
Critical dependency of business, processes, and IT infrastructure
Economic loss
Banking and financial systems – changes from a risk and security perspective
Data breach means money
Financial repercussion of reputational damage caused by cyber attacks
Digital economy and related threats
Smart threats
Ransomware
Critical infrastructure attacks
Summary
Further reading
Cyber Crime - Who the Attackers Are
Introduction to cyber crime
Threat actors
Hacktivism
Case study – Dakota Access Pipeline
Case study – Panama Papers
Cyber terrorists
Case study – Operation Ababil
Cyber criminals
Case study – FIN7
Case study – Carbanak APT Attack
Case study – OurMine operation
Summary
Counting the Costs
The cost of a cybersecurity attack
The cost of different cyber attacks
Breakdown of the costs of a cyber attack
Production loss
Economic losses
Damaged brand and reputation
Loss of data
Fines, penalties, and litigations
Losses due to recovery techniques
Breakdown of the cost of securing an organization
Every financial institute should know Carbanak
Antivirus systems
Endpoint Detection and Response solutions
Firewall systems
Intrusion-prevention systems
Encryption
Bonus
What is Microsoft offering?
Windows 10 Defender Security Center
Windows Defender
Windows Defender Exploit Guard
Controlled folder access
Network protection
Attack surface reduction
Windows Defender Credential Guard
Windows Defender Application Guard
Windows Event Forwarding
Windows Defender Advanced Threat Protection
Protecting privileged identities
How do privileged identities get compromised?
How to prevent attackers from gaining access to privileged identities
Summary
Further reading
The Threat Landscape
Threats against end customers
Credit card fraud
Application fraud
Card-not-present fraud
Compromised account fraud
Credit card testing
Financial Trojans
Case study – BackSwap Trojan
Case study – Ramnit
Case study – Bebloh
Phishing
Case study – immediate action required
Pretexting
Dumpster diving
Mobile fraud
Threats against financial institutes
ATM attacks
POS attacks
Denial of service
Ransomware
Blackmailing
Summary
Phishing, Spamming, and Scamming to Steal Data and Money
Phishing scams
Evolution of phishing
Social engineering emails
Spear phishing
Business email compromise or whaling
Credential theft using malicious software
Ardamax
LokiBot
Characteristics of phishing emails
Spamming
How spammers get email addresses
How spammers make money
Advertising
Malware
Storm
Triout
Botnets
Characteristics of spam emails
Summary
Further reading
The Malware Plague
Malware categories
Computer virus
Computer worm
SQL Slammer worm
Crypto worm
WannaCry
Trojan
Bebloh
Zeus
Rootkit
Torpig
Spyware
Adware
Malware trends
Malware infection vectors
Injected by remote attacker
Email
Auto-executed web infection
User-executed web infection
Installed by other malware
Network propagation
Portable media
Coded into existing software
Summary
Vulnerabilities and Exploits
Detecting vulnerabilities
Exploitation techniques
Buffer overflow
Integer overflow
Memory corruption
Format string attacks
Race condition
Cross-site scripting
One-click attack
SQL injections
Exploitation delivery
Summary
Further reading
Attacking Online Banking Systems
Online banking benefits for financial services
The online banking process
Attack techniques
Summary
Further reading
Vulnerable Networks and Services - a Gateway for Intrusion
Vulnerable network protocols and network intrusions
Simple Mail Transfer Protocol
Secure Sockets Layer
Domain Name System
Packet sniffing
Distributed denial of service
Attacking web servers and web-based systems
SQL injection
Buffer overflow
Advanced Google search operators
Brute-force attacks
Medusa
Brutus
Bypassing web protection
Bypassing captcha
Bypassing two-factor authentication
Bypassing firewalls
Hacking wireless networks
Hacking wireless networks
Aircrack-ng
Kismet
Wireshark
Hacking Bluetooth
Vulnerable network devices
Summary
Further reading
Responding to Service Disruption
Cybersecurity incidents
Fundamentals
Data knowledge
Monitoring
Attack surface analysis
Vendor management
Incident response and management
Phase 1 – preparation
Phase 2 – detection and analysis
Phase 3 – containment
Phase 4 – eradication and recovery
Phase 5 – post-incident activity
Summary
Further reading
The Human Problem - Governance Fail
Business versus security
Failing security management
Lack of adoption of cybersecurity initiatives
Lack of organization and planning
Poor leadership
Careless online behavior
Insider threats
Technological transformation of financial services
Failure in implementing security policies
Summary
Further reading
Securing the Perimeter and Protecting the Assets
Network models
Single trust network model
Dual trust network model
Zero trust network model
Microsoft 365 zero trust network models
Endpoint security
Endpoint security threats
Physical access
Malicious code execution
Device-based attack
Communication interception
Insider threats
Decreased productivity
Modern endpoint security
Device protection
Threat resistance
Identity protection
Information protection
Breach detection investigation and response
Summary
Further reading
Threat and Vulnerability Management
Vulnerability management strategy
Asset inventory
Information management
Risk assessment
Vulnerability analysis
Threat analysis
Risk acceptance
Vulnerability assessment
Reporting and remediation
Defining vulnerabilities in a few steps
From vulnerability to threat
Multiplying threats
Multiplying risk
The root cause of security issues
Vulnerability management tools
Implementation of vulnerability management
Best practices for vulnerability management
Assess yourself
Tying vulnerability assessments into business impact
Take an active role
Identify and understand the business processes
Pinpoint the applications and data
Try to find hidden data sources
Determine the hardware structure
Map the network infrastructure to hardware
Identify the controls
Run the vulnerability scans
Read the results of the scans
Conduct penetration testing by third parties as well
Understanding risk management
Defense in depth approach
Best practices for protecting your environment
Summary
Further reading
Audit, Risk Management, and Incident Handling
IT auditing
Evaluating the systems, policies, and processes that secure the organization
Determining the risks to the company's assets
Ensuring that the organization is compliant with the relevant regulations
Determining inefficiencies in the IT infrastructure and management
Risk management
Identification
Risk analysis
Risk assessment
Risk mitigation
Risk monitoring
Incident handling
Preparation
Identification
Containment
Recovery and analysis
Summary
Further reading
Encryption and Cryptography for Protecting Data and Services
Encryption
Early encryption methods
Encryption today
Symmetric encryption
Asymmetric encryption
Protecting data and services with cryptography
Data at rest
Full disk encryption
File encryption
Data in transit
End-to-end encryption
Encrypted web connection (SSL and TLS)
Encrypted email servers
Examples of encryption algorithms
Advanced Encryption Standard (AES)
Triple DES
RSA
Blowfish
Encryption challenges
Summary
Further reading
The Rise of the Blockchain
Introduction to Blockchain technology
Consensus mechanisms in a Blockchain
Proof of work
Proof of stake
Applications of Blockchain technology
Recording purposes
Digital identity
Government purposes
Financial applications
Cryptocurrencies
Cryptocurrency wallets
Desktop wallets
Web wallets
Mobile wallets
Hardware wallets
Paper wallets
Challenges to cryptocurrencies
Unstable value
Theft
Exchange risks
Blockchain challenges and future
Summary
Further reading
Artificial Intelligence and Cybersecurity
Threat landscape evolution
Artificial Intelligence
Narrow Artificial Intelligence
True Artificial Intelligence
Technologies powering Artificial Intelligence
Artificial Intelligence-powered cybersecurity
Use cases
Summary
Further reading
The Quantum Future
Evolution of the quantum technology
1965
1980
1985
1994
1995
1996–present
The quantum technology race
Quantum communication
Quantum computation
Quantum simulation
Quantum sensing
Quantum software
Quantum technology breakthroughs
Impacts of the quantum technology
Communication
Mining
Finance
Defense
Health
Energy
Big data
Artificial Intelligence
Summary
Further reading
Other Books You May Enjoy
Leave a review - let other readers know what you think
← Prev
Back
Next →
← Prev
Back
Next →