Q3 Bloor evolving uses of the kill chain framework ebook 2017
Figure 1: The cyber kill chain

Reconnaissance: This stage represents human activity on the part of attackers as they research, identify and select their victims, with activities such as scanning social networking sites, harvesting email addresses and looking for confidential information.

Weaponisation: The attack is prepared, such as an attacker injecting a deliverable payload into a PDF or Word document or generating a malicious URL, coupled with a backdoor or remote access tool.
The cyber kill chain®
The cyber kill chain was developed by and is a registered trademark of Lockheed Martin. It builds on a concept that was originally developed by the military to describe how an attack is structured and the phases that attackers go through.

The original military kill chain methodology defined these stages as find, fix, track, target, engage and assess. In the cyber kill chain, the stages are defined as reconnaissance, weaponisation, delivery, exploitation, installation, command & control, and actions on objectives, as shown in Figure 1.
The cyber kill chain is a methodology that enables security professionals to look at security threats and incidents from the perspective of the attacker. Every security incident leaves traces that can reveal the methods used by the perpetrator, including their tactics and techniques. This information is extremely useful to security teams: it helps them detect what is happening and respond faster and in a more coordinated manner.
Delivery: The prepared attack is delivered to the victim. It can be sent as a phishing email with a URL or attachment, posted on a vulnerable website for a watering-hole attack, served as malvertising, planted on a USB stick or other removable media, or posted as a reply on social media.

Exploitation: A vulnerability is exploited to run the payload on the victim's system, for example when the victim clicks on a link or opens a tainted attachment.

Installation: A malicious payload such as a Trojan, other malware or spyware is installed in order to enable persistent access by the attacker.

Command and Control: An external command and control server in the hands of the attacker communicates with the installed malware to allow remote manipulation of the victim, so that the attacker can manage, maintain and evolve the attack.

Actions on Objectives: The attacker looks to achieve their objectives, such as exfiltration of data, destruction of data, or further intrusion into the network to infect more systems.
Such evidence also helps an organisation to harden its defences against future attacks, since knowledge gathered from previous incidents makes it better able to anticipate how criminals work. It also shows where there are gaps in defences at each stage of the kill chain, so that those holes can be closed and attacks resembling those previously seen can be stopped.
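The kill chain's value as a gap-finding tool, as described above, is easiest to see when both the evidence from an incident and the organisation's detective controls are tagged with the phase they belong to. The following Python script is an added example, not code from the ebook, Bloor or Lockheed Martin: the incident traces, timestamps and control names are constructed for illustration, and the phase tags are the kind of judgement an analyst makes when mapping an incident onto the chain.

```python
"""Map incident evidence and detective controls onto the cyber kill chain
and report the phases that lack coverage.

All data below is constructed for this example (hypothetical incident
artefacts and control names); it is not taken from the ebook or from any
real incident.
"""

from collections import OrderedDict

# The seven phases, in the order Lockheed Martin defines them.
KILL_CHAIN = (
    "reconnaissance",
    "weaponisation",
    "delivery",
    "exploitation",
    "installation",
    "command_and_control",
    "actions_on_objectives",
)

# Traces left by a constructed intrusion, each tagged with the phase it
# evidences. Timestamps are ISO-8601 strings so the list sorts naturally.
INCIDENT_EVIDENCE = [
    {"ts": "2017-03-01T09:12:00Z", "phase": "delivery",
     "detail": "phishing mail with .docm attachment to finance mailbox"},
    {"ts": "2017-03-01T09:15:30Z", "phase": "exploitation",
     "detail": "winword.exe spawned powershell.exe"},
    {"ts": "2017-03-01T09:15:41Z", "phase": "installation",
     "detail": "Run key added: HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\updater"},
    {"ts": "2017-03-01T09:16:10Z", "phase": "command_and_control",
     "detail": "periodic HTTPS beacon to a newly registered domain"},
    {"ts": "2017-03-03T22:40:00Z", "phase": "actions_on_objectives",
     "detail": "3 GB archive uploaded to an external file host"},
]

# Detective controls the organisation already has (constructed names),
# each mapped to the single phase it can observe.
CONTROLS = {
    "mail gateway attachment sandbox": "delivery",
    "EDR parent/child process rule": "exploitation",
    "egress proxy with DNS reputation": "command_and_control",
    "DLP on outbound file transfer": "actions_on_objectives",
}


def evidence_by_phase(evidence):
    """Group incident traces by phase, preserving kill chain order."""
    grouped = OrderedDict((phase, []) for phase in KILL_CHAIN)
    for item in sorted(evidence, key=lambda e: e["ts"]):
        grouped[item["phase"]].append(item["detail"])
    return grouped


def controls_by_phase(controls):
    """Group control names by the phase they observe."""
    grouped = {phase: [] for phase in KILL_CHAIN}
    for name, phase in controls.items():
        grouped[phase].append(name)
    return grouped


def coverage_gaps(controls):
    """Phases with no detective control at all, in chain order."""
    covered = controls_by_phase(controls)
    return [phase for phase in KILL_CHAIN if not covered[phase]]


def unobserved_phases(evidence):
    """Phases the attacker must have passed through but that left no trace
    in the collected evidence (a visibility gap, with or without controls)."""
    seen = {item["phase"] for item in evidence}
    return [phase for phase in KILL_CHAIN if phase not in seen]


def undetected_evidence(evidence, controls):
    """Phases where the attacker left a trace that no control would catch:
    the holes this incident says are worth closing first."""
    covered = controls_by_phase(controls)
    seen = {item["phase"] for item in evidence}
    return [phase for phase in KILL_CHAIN if phase in seen and not covered[phase]]


def earliest_detectable_phase(evidence, controls):
    """First phase (in chain order) with both a trace and a control: the
    earliest point this incident could have been caught as things stand."""
    covered = controls_by_phase(controls)
    seen = {item["phase"] for item in evidence}
    for phase in KILL_CHAIN:
        if phase in seen and covered[phase]:
            return phase
    return None


def report(evidence=INCIDENT_EVIDENCE, controls=CONTROLS):
    """Print a phase-by-phase view followed by the gap summary."""
    grouped = evidence_by_phase(evidence)
    covered = controls_by_phase(controls)
    for phase in KILL_CHAIN:
        print(f"[{phase}]")
        for detail in grouped[phase] or ["(no evidence collected)"]:
            print(f"  evidence: {detail}")
        for name in covered[phase] or ["(no detective control)"]:
            print(f"  control:  {name}")
    print("phases with no control:", coverage_gaps(controls))
    print("phases with no evidence:", unobserved_phases(evidence))
    print("traces nothing would catch:", undetected_evidence(evidence, controls))
    print("earliest detectable phase:", earliest_detectable_phase(evidence, controls))


if __name__ == "__main__":
    report()
```

Run stand-alone, `report()` lists each phase with the evidence seen and the controls that cover it, then the gaps: phases with no control at all, phases where the attacker left a trace that nothing would have caught (here, installation), and the earliest phase at which this incident could have been detected with the current controls (delivery). Reconnaissance and weaponisation show no evidence because they take place on the attacker's side, outside the defender's visibility, so those gaps are expected; the installation gap is one the defender can close.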
By using the cyber kill chain methodology, the
stakes are raised considerably for attackers. They
will need to constantly switch to new tactics,
increasing both the cost of and time taken to
perpetrate their deeds. The end goal is to ensure
that adversaries have no inherent advantage over
their targets.
The cyber kill chain can be used to defend
against many types of attacks and threats,
including sophisticated targeted attacks, insider
threats, fraud, ransomware, social engineering,
compliance violations and disruptions to IT
services. As shown in Figure 2, the consequences
of a security breach can be far-reaching.
Figure 2: What were the repercussions of the worst incident? (Source: PwC.) Pie chart of five categories: business disruption, reputational damage, value of lost assets, cost to investigate and fix, and other, with shares of 42%, 23%, 15%, 10% and 10% (which share belongs to which category is not legible in this extraction).