
What is the cyber kill chain? Why it's not always the right approach to cyber attacks

Maria Korolov, Lysa Myers | Nov. 8, 2017
Lockheed Martin's cyber kill chain approach breaks down each stage of a malware attack where you can identify and stop it, but be aware of how attack strategies are changing.

Companies often have more information exposed than they realize. Are the names and contact details of your employees online? (Are you sure? Think social networks too, not just your own corporate website.) These can be used for social engineering, for example to talk people into divulging usernames or passwords. Are there details about your web servers or physical locations online? These can be used for social engineering too, or to narrow down the list of exploits likely to work against your environment.

This is a tricky layer to control, particularly with the popularity of social networking. Removing sensitive information tends to be a fairly inexpensive change, though being thorough about finding it in the first place can be time-intensive.

Weaponization, delivery, exploit, installation: Attempting to enter

These stages are where the criminals craft a tool to attack their chosen target, putting the information they have gathered to malicious use. The more information they have, the more convincing a social engineering attack can be. They could use spear-phishing to gain access to internal corporate resources with details taken from an employee's LinkedIn page. Or they could embed a remote access Trojan in a file that appears to contain crucial information about an upcoming event, to entice the recipient into opening it. If they know what software your users or servers run, including OS type and version, they can pick an exploit that is far more likely to succeed and get something installed within your network.

These layers of defense are where your standard security wonk advice comes in. Is your software up to date? (All of it, on every machine. Most companies have that one box in some back room that is still running Windows 98. If it's ever connected to the Internet, it's like leaving a welcome mat outside your door.)

Do you use email and web filtering? Email filtering is a good way to stop the common document types used in attacks. If you require that files be sent in a standard way, such as in a password-protected ZIP archive, this helps your users recognize when files are being sent intentionally. The caveat is that a gateway scanner cannot look inside an encrypted archive, so the same convention also hides malicious payloads from automated inspection; the filter should flag or quarantine archives it cannot open rather than wave them through. Web filtering can help keep users from going to known bad sites or domains.
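The attachment checks described above, as an added example (not code from the article or from any product it mentions): a small Python scanner that parses a message, blocks risky extensions, recurses into ZIP archives, spots a Windows executable renamed to look like a PDF, and flags encrypted or over-nested archives it cannot inspect. The blocked-extension list, the depth limit and the sample message are constructed assumptions for this example.

```python
import email
import io
import zipfile
from email import policy
from email.message import EmailMessage

# Constructed policy for this example (an assumption, not the article's list):
# extensions that are almost never a legitimate business attachment.
BLOCKED_EXTENSIONS = {
    ".exe", ".scr", ".com", ".pif", ".js", ".jse", ".vbs", ".hta",
    ".docm", ".xlsm", ".pptm", ".jar", ".lnk", ".iso",
}
EXECUTABLE_EXTENSIONS = {".exe", ".scr", ".com", ".dll"}
MAX_ARCHIVE_DEPTH = 2   # archives nested deeper than this are refused, not trusted


def file_extension(name):
    """Lower-cased final extension of a filename, '' when it has none."""
    dot = name.rfind(".")
    return name[dot:].lower() if dot != -1 else ""


def scan_attachment(name, data, depth=0):
    """Return the list of findings for one attachment; an empty list means 'allow'."""
    findings = []
    ext = file_extension(name)
    if ext in BLOCKED_EXTENSIONS:
        findings.append(f"blocked extension: {name}")
    # Content check: a Windows executable renamed to .pdf still starts with 'MZ'.
    if data[:2] == b"MZ" and ext not in EXECUTABLE_EXTENSIONS:
        findings.append(f"executable content disguised as {ext or 'no extension'}: {name}")
    if ext == ".zip" and data[:4] == b"PK\x03\x04":
        findings.extend(scan_zip(name, data, depth))
    return findings


def scan_zip(name, data, depth):
    """Recurse into a ZIP; encrypted or over-nested entries cannot be inspected, so flag them."""
    if depth >= MAX_ARCHIVE_DEPTH:
        return [f"archive nested too deep to scan: {name}"]
    findings = []
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                if info.is_dir():
                    continue
                member = f"{name}/{info.filename}"
                if info.flag_bits & 0x1:   # general-purpose bit 0: entry is encrypted
                    findings.append(f"encrypted archive entry cannot be scanned: {member}")
                    continue
                findings.extend(scan_attachment(member, zf.read(info), depth + 1))
    except zipfile.BadZipFile:
        findings.append(f"corrupt archive: {name}")
    return findings


def scan_message(raw):
    """Parse an RFC 5322 message from bytes and scan every attachment part."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        payload = part.get_payload(decode=True) or b""
        findings.extend(scan_attachment(part.get_filename() or "", payload))
    return findings


def _zip_bytes(entries):
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for member_name, content in entries:
            zf.writestr(member_name, content)
    return buf.getvalue()


def _mark_encrypted(zip_data):
    """Set the 'encrypted' flag bit on a one-entry ZIP (local header and central directory),
    which is how a password-protected archive looks to a scanner that has no password."""
    buf = bytearray(zip_data)
    buf[6] |= 0x1                       # local file header: general-purpose flags at offset 6
    cd = buf.find(b"PK\x01\x02")
    buf[cd + 8] |= 0x1                  # central directory header: same flags at offset 8
    return bytes(buf)


def build_sample_message():
    """Constructed sample mail (not real traffic): a benign note plus two archives.
    conference.zip hides a renamed executable in a nested ZIP; protected.zip is 'encrypted'."""
    inner = _zip_bytes([("Agenda.pdf", b"MZ\x90\x00" + b"\x00" * 60)])   # PE header, not a PDF
    outer = _zip_bytes([("event.zip", inner)])
    locked = _mark_encrypted(_zip_bytes([("report.doc", b"not readable without the password")]))
    msg = EmailMessage()
    msg["From"] = "events@example.com"
    msg["To"] = "staff@example.com"
    msg["Subject"] = "Agenda for next week's conference"
    msg.set_content("Please review the attached agenda before Friday.")
    msg.add_attachment("meeting notes", subtype="plain", filename="notes.txt")
    msg.add_attachment(outer, maintype="application", subtype="zip", filename="conference.zip")
    msg.add_attachment(locked, maintype="application", subtype="zip", filename="protected.zip")
    return msg.as_bytes()


if __name__ == "__main__":
    for finding in scan_message(build_sample_message()):
        print(finding)
```

Run as a script it reports the disguised executable buried two archives deep and the encrypted entry it could not open; the benign notes.txt produces nothing. The point of the encrypted-entry branch is that "cannot scan" is a finding in its own right, to be routed to a person, not treated as a pass.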

Have you disabled AutoRun and AutoPlay for USB devices? Giving files the chance to run without approval is seldom a good idea from a security perspective. It's better to give the user a chance to stop and think about what they're seeing before it launches. Do you use endpoint protection software with up-to-date signatures and detection logic? While endpoint protection software is not designed to stop brand-new targeted attacks, it can sometimes catch them based on known suspicious behavior or known software exploits.
