What is the cyber kill chain? To explain what this is, we first have to look at the whole process of a cyber-attack. To stop a cyber-attack, you first have to understand the process that the attacker goes through and, more importantly, know what the end goal of the attack is. There are various types of cyber-attack and each one has a different goal or objective. But by far the most dangerous are those initiated for and by organised crime gangs. We class these as advanced threats, and these are our zero-day, fileless, exploit and phishing attacks. These are the hardest to detect and could be in your system for a long time before they are found.
It takes on average over 100 days to detect a data breach.
The Cyber Kill Chain is the process the attacker goes through before being able to complete the end goal. This means we, as IT professionals, need to understand the steps and look at ways to kill the attack before it reaches the final stage.
There are seven stages to the Cyber Kill Chain:
- Reconnaissance
To start, the cyber-attacker will crawl the Internet looking for any vulnerabilities within your network, websites and external-facing IP addresses. This could also include mailing lists or social media accounts.
- Weaponise
Once a vulnerability is identified, they will create a trojan that aims to exploit it. This will be an automated tool that could be attached to an Adobe .pdf or an email, or embedded in a fake website.
- Deliver
This will then be delivered by the media selected above.
- Exploit
Once delivered, the payload will trigger code and start carrying out what the attacker wants. At this stage, unless you have some form of breach detection software, you will still be unaware of the breach. It could be in your system for days, months or even years before it initiates an action.
- Control
Once the payload starts to work, it will install software on your device and create a ‘backdoor’ out of your system back to the attacker.
- Execute
Once all the data has been gathered, it will then execute the command and send your data back to a command and control centre.
- Maintain
At this stage it is too late: you have been hacked! The attacker can now do what they want with your system and you have no control over what data they take or what action they take.
Now we understand what the cyber kill chain is – how are you going to protect yourself against it?
There are a number of steps you can take and the first one is very simple. Make sure all your systems are patched and up to date, and that all unused firewall ports are closed.
From there, gateway and endpoint antivirus is essential. This will give you the basics. However, to detect and destroy a cyber-attack you need to have specialised software. Unleashed has spent the last 18 months working with partners to identify the best solution for SME and mid-corporate-sized businesses. We are actively working with vendors such as F-Secure, Forcepoint and ZoneFox to give you a solution that will help protect your business.
If you would like to know more then please contact us on 0333 240 0656 or visit our website www.weareunleashed.com