Perspectives

Anatomy of a Cyber Attack

Part 3

One of the most important concepts a cyber security professional needs to know is the Cyber Kill Chain. The Cyber Kill Chain is a seven-stage model that illustrates how cyber criminals reach their victims and target a system’s vulnerabilities.


7 Stages of the Cyber Kill Chain

1. Reconnaissance

  • The attacker gathers information on the target before launching the attack. They usually look for publicly available information on the Internet.

2. Weaponization

  • The attacker uses an exploit and creates a malicious payload to send to the victim, without actual contact with them.

3. Delivery

  • The attacker sends the malicious payload to the victim by email or through other means, which is only one of the numerous intrusion methods the attacker can use.

4. Exploitation

  • The actual exploitation only takes place when the attacker uses an exploit.

5. Installation

  • Installing malware on the infected computer is only relevant if the attacker used malware as part of the attack.

6. Command and Control

  • The attacker creates a command and control channel to continue operating his internal assets remotely.

7. Actions

  • The attacker performs these steps to achieve his actual goals inside the victim’s network.

 

Key takeaways

Knowing and understanding the “7 Steps of The Cyber Kill Chain” enables organisations to trace the movements of an attacker and take the necessary security precautions to prevent such attacks from happening.

However, over-focus on this area can also be detrimental to network security. A persistent, highly determined and skilled attacker will always find a way into the network. Thus, instead of only analysing old malware, organisations should also focus on detecting ongoing attacks before the damage is done.
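The tracing described in the key takeaways can be made concrete by tagging each detection alert with its kill chain stage and following every host through the chain. The Python code below is an added example, not part of the original article; the alert names, host names and sample alerts are constructed assumptions.

```python
from collections import defaultdict
from enum import IntEnum

class Stage(IntEnum):
    RECONNAISSANCE = 1
    WEAPONIZATION = 2  # happens on the attacker's side; leaves no victim telemetry
    DELIVERY = 3
    EXPLOITATION = 4
    INSTALLATION = 5
    COMMAND_AND_CONTROL = 6
    ACTIONS = 7

# Assumed alert names; substitute the names of your own detection rules.
ALERT_STAGE = {
    "external_port_scan": Stage.RECONNAISSANCE,
    "email_malicious_attachment": Stage.DELIVERY,
    "office_spawned_script_host": Stage.EXPLOITATION,
    "new_autorun_entry": Stage.INSTALLATION,
    "beacon_to_rare_domain": Stage.COMMAND_AND_CONTROL,
    "bulk_outbound_transfer": Stage.ACTIONS,
}

# Constructed sample alerts: (ISO 8601 timestamp, host, alert name).
SAMPLE_ALERTS = [
    ("2017-07-03T09:12:00", "ws-014", "email_malicious_attachment"),
    ("2017-07-03T09:15:40", "ws-014", "office_spawned_script_host"),
    ("2017-07-03T09:41:05", "ws-014", "beacon_to_rare_domain"),
    ("2017-07-03T08:02:11", "web-01", "external_port_scan"),
    ("2017-07-03T10:30:00", "ws-022", "email_malicious_attachment"),
    ("2017-07-03T11:00:00", "ws-022", "unmapped_rule"),
]

def trace_hosts(alerts):
    """Per host: first time each stage was seen, furthest stage, unseen stages, triage flag."""
    first_seen = defaultdict(dict)
    for ts, host, name in sorted(alerts):  # ISO timestamps sort chronologically
        if name in ALERT_STAGE:  # skip alerts that have no stage mapping
            first_seen[host].setdefault(ALERT_STAGE[name], ts)
    report = {}
    for host, stages in first_seen.items():
        furthest = max(stages)
        report[host] = {
            "timeline": sorted(stages.items()),
            "furthest": furthest,
            # Earlier stages with no alert: a visibility gap or a stage the attacker skipped.
            "unseen": [s for s in Stage if s < furthest and s != Stage.WEAPONIZATION and s not in stages],
            # Attacker is inside but the final stage has not been observed yet.
            "ongoing": Stage.EXPLOITATION <= furthest < Stage.ACTIONS,
        }
    return report
```

Calling `trace_hosts(SAMPLE_ALERTS)` flags `ws-014` as an ongoing intrusion that has reached Command and Control, with no Installation alert in between, which is the kind of gap worth checking against endpoint telemetry.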

July 2017 Part 3: 7 Stages of Cyber Kill Chain