Anatomy of a Cyber Attack has been saved
Perspectives
Anatomy of a Cyber Attack
Part 3
One of the most important knowledge that a cyber security professional would have to know is the Cyber Kill Chain. The Cyber Kill Chain is a seven-stage model that illustrates how cyber criminals get to their victims and target on the system’s vulnerabilities.
7-Stages of Cyber Kill Chain
- Reconnaissance
- Attacker gathers information on the target before launching attack. They usually look for publicly available information on the Internet.
2. Weaponization
- The attacker uses an exploit and create a malicious payload to send the victim without actual contact with them.
3. Delivery
- Attacker sends malicious payload to the victim by email or through other means, which is only one of the numerous intrusion methods the attacker can use.
4. Exploitation
- The actual exploitation only takes place when the attacker uses an exploit.
5. Installation
- Installing malware on the infected computer is only relevant if the attacker used malware as part of the attack.
6. Command and Control
- The attacker creates a command and control channel to continue operating his internal assets remotely.
7. Actions
- Attacker performs these steps to achieve his actual goals inside the victim’s network.
Key takeaways
Knowing and understanding the “7 Steps of The Cyber Kill Chain” enable organisations to trace the movements of an attacker and take the necessary security precautions to prevent such attack from happening.
However, over-focus on this area can also be detrimental to network security. A persistent, highly determined and skilled attacker will always find a way into the network. Thus, instead of analysing old malware, organisation should also focus on detecting ongoing attacks before the damage is done.
References
Deloitte.com. Responding to cyber threats in the new reality.
Retrieved from Deloitte.com: https://www2.deloitte.com/content/dam/Deloitte/sg/Documents/risk/sea-risk-cyber-thought-leadership-noexp.pdf
Alien Vault. Defend like an attacker: Applying the cyber kill chain
Retrieved from Alien Vault: https://www.alienvault.com/blogs/security-essentials/defend-like-an-attacker-applying-the-cyber-kill-chain
Telelink. Access Networking Threats, Corporate WAN Threats, IT Threats
Retrieved from Telelink: http://itsecurity.telelink.com/reconnaissance/
Techopedia. Active Reconnaissance.
Retrieved from Techopedia: https://www.techopedia.com/definition/3650/active-reconnaissance
The Guardian. (2016, October 22). Cyber attack: hackers ‘weaponised’ everyday devices
with malware. Retrieved from The Guardian: https://www.theguardian.com/technology/2016/oct/22/cyber-attack-hackers-weaponised-everyday-devices-with-malware-to-mount-assault
University of Pennsylvania. Cyber Weapons. Retrieved from University of Pennsylvania: https://sites.google.com/site/uscyberwar/cyber-weapons
Alert Logic. (2016, December 30). The Cyber Kill Chain: Understanding Advanced Persistent Threats. Retrieved from Alert Logic: https://www.alertlogic.com/blog/the-cyber-kill-chain-understanding-advanced-persistent-threats/
Dark Reading. (2016, September 9). A Twist On The Cyber Kill Chain: Defending Against A Javascript Malware Attack. Retrieved from Dark Reading: http://www.darkreading.com/attacks-breaches/a-twist-on-the-cyber-kill-chain-defending-against-a-javascript-malware-attack/a/d-id/1326952
CNN. (2017, June 28). Another big malware attach ripples across the world. Retrieved from CNN: http://money.cnn.com/2017/06/27/technology/hacking-petya-europe-ukraine-wpp-rosneft/index.html
Bleeping Computer (2017, July 20). Valve Patches Security Flaw That Allows Installation of Malware via Steam Games. Retrieved from Bleeping Computer: https://www.bleepingcomputer.com/news/security/valve-patches-security-flaw-that-allows-installation-of-malware-via-steam-games/
RSA. (2012, August 16). Stalking The Kill Chain: The Attacker’s Chain. Retrieved from RSA: https://blogs.rsa.com/stalking-the-kill-chain-the-attackers-chain-2/
News. (2017, May 15). Ransomware cyberattack hits Australia as EU warns victims worldwide may grow. Retrieved from News: http://www.abc.net.au/news/2017-05-14/ransomware-cyberattack-threat-lingers-as-people-return-to-work/8525554
Infosec Institute. (2013, May 21). Cyber Kill Chain is a Great Idea, But Is It Something Your Company Can Implement. Retrieved from Infosec Institute: http://resources.infosecinstitute.com/cyber-kill-chain-is-a-great-idea-but-is-it-something-your-company-can-implement/#gref