Book review: Cyberdanger: Understanding and Guarding Against Cybercrime

Posted on Sep 16, 2019

Security researcher Paul Baccas reviews 'Cyberdanger: Understanding and Guarding Against Cybercrime' by Eddy Willems.

Title: Cyberdanger: Understanding and Guarding Against Cybercrime
Author: Eddy Willems
Publisher: Springer
ISBN-10: 3030045307
ISBN-13: 978-3030045302

This was a difficult book to review for two reasons – first, because I know Eddy from the conference circuit, and second, because it was not without flaws. Many, if not all, of the flaws are probably due to the editing and translation (this is an English translation from the original Dutch), but I have a feeling that the book would have been better had it either been longer (it struggles to cover everything), or else shorter and tighter.

The book has an introduction and a familiar three-part structure. There are no appendices or footnotes, making it different from other books I have reviewed here. We are introduced to the author in his inimitable, friendly and frenzied style before starting the 12 chapters of content.

The first part, consisting of the first two chapters, concerns itself with a short summary of the history of malware and a description of the people who write malware.

The second part – the next four chapters – is concerned with the current dangers on the Internet, the types of threat actors (nation-state actors, hacktivists, criminals, etc.), anti-virus companies and associations, and types of threats.

The third and final part provides some practical advice and recommendations, with a final thought on the future.

The book is rounded off in the 13th chapter with a short techno-thriller which, while entertaining, is not quite up to the standards of Mark Russinovich (1, 2, 3, 4) or Daniel Suarez.

The content of each chapter is self-contained and probably should be read piecemeal. Indeed, the book's structure is more like a set of articles with a structure imposed from above than a book built from the ground up. Eddy himself says:

"Many of the views I hold, and tactical tips as expressed in this book, were drawn from [...] blogs."

This means there is some repetition, for example between the first chapter, 'Thirty Years of Malware: A Short Outline', and the chapter on 'Today's Threats' in the definitions. Later, the importance of patching and backing up is repeated, and while I think we can all agree that they are important, the manner in which you repeat things is crucial.

That said, you can feel the author's love and knowledge of the subjects coming through the pages. He has obviously enjoyed his 30 years in the industry and is looking forward to the next 14.

This is the first security book on the subject of malware that I remember being written by an AV industry insider. The computer security field is very broad and diverse, ranging from anti-virus to encryption, hardware to software, bug hunters to pen-testers. Everyone has an opinion on malware and the anti-virus companies, and most appear to denigrate AV and lionize others: malware authors or independents. This is probably because it is difficult to like the faceless multi-nationals. Eddy's opinions and insights are a refreshing change, working as he has in industry and with government, and he presents the softer face of the AV industry.

What really makes this book are the vignettes scattered through the pages like flowers in a meadow, whether his own ('the story of the Saudi airport') or others' articles from industry stalwarts such as Righard Zwienenberg and even Graham Cluley. The book will find an audience in those entering the computer security field or those who wish to know slightly more about the inside of the AV industry and don't have 30 years to spend immersed in the day-to-day grind.

At VB2019, Eddy Willems will present a paper, co-written with ESET's Righard Zwienenberg, on how the same security events keep occurring, drawing on the experiences of 30 years of working in this field. VB2019 takes place in London, 2-4 October – register now!
