The cyber kill chain (Models & Methodologies)
With the various benefits the internet provides, most services, such as banking, are now offered online. However, these benefits are accompanied by cyber threats. Furthermore, today's cyber threats are not like past ones: most attacks now target a specific organisation or company and are goal-oriented. Even though money is spent on preventing such attacks, the number of cyberattacks and the damage they cause are increasing. Because most of these attacks are advanced, new techniques have been adopted, such as the cyber kill chain model. The cyber kill chain serves as a framework for explaining advanced attacks such as advanced persistent threats (APTs) (Kim et al., 2018).
The cyber kill chain is used to improve security by analysing the stages of an attack; the model is designed so that defenders can interrupt the attack at every stage. As the old saying goes, “Defenders need to defend against everything while attackers only need to exploit one weakness.” The cyber kill chain therefore helps organisations and companies create more secure environments by analysing the seven stages of an attack (CyCraft Classroom: MITRE ATT&CK vs. Cyber Kill Chain vs. Diamond Model, 2020).
1- Reconnaissance: in this stage, the hacker starts to collect data and determines the target, which could be a corporation, a social media account, and so on (Zhou et al., 2018).
2- Weaponisation: in this stage, the hacker creates a way to exploit the system's vulnerabilities based on the data collected in the reconnaissance stage. This could be done using exploit tools or social engineering techniques (CyCraft Classroom: MITRE ATT&CK vs. Cyber Kill Chain vs. Diamond Model, 2020).
3- Delivery: in this stage, the hacker carries on from the weaponisation stage and delivers the attack. This could be done using an infected email attachment, a phishing technique, and so on (Zhou et al., 2018).
4- Exploitation: in this stage, the hacker has already delivered the weapon and is ready to execute the attack. Normally, the system's vulnerabilities are exploited at this stage (Zhou et al., 2018).
5- Installation: in this stage, the attacker has access to the system, so a trojan or backdoors are installed to give the attacker better access to the target's system (Zhou et al., 2018).
6- Command & Control (C2): in this stage, the attacker sets an attack path to establish the cyberattack, as cyberattacks normally involve human interaction (the hacker) rather than being fully automated (Zhou et al., 2018).
7- Actions on Objectives: in this stage, the attackers have already achieved their goals: collecting sensitive data, damaging the system, and so on (Zhou et al., 2018).
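To show how a defender can use the seven stages to find where an attack could have been interrupted, the following added example (not part of the original post) maps alerts to stages and reports, per host, the first chance to interrupt, the furthest stage reached, and earlier stages that raised no alert. The alert names, hosts and timestamps are constructed, and treating weaponisation as unobservable by the defender is an assumption of this example.

```python
from collections import defaultdict

# The seven stages, in the order the article lists them.
STAGES = ["Reconnaissance", "Weaponisation", "Delivery", "Exploitation",
          "Installation", "Command & Control", "Actions on Objectives"]

# Assumption: weaponisation happens on the attacker's side, so no alert maps to it.
UNOBSERVABLE = {"Weaponisation"}

# Hypothetical alert names mapped to stages (not from any real product).
ALERT_STAGE = {
    "port_scan": "Reconnaissance",
    "phishing_attachment": "Delivery",
    "exploit_attempt": "Exploitation",
    "new_service_installed": "Installation",
    "beacon_to_unknown_host": "Command & Control",
    "bulk_data_upload": "Actions on Objectives",
}

# Constructed sample alerts: (ISO timestamp, host, alert type).
SAMPLE_ALERTS = [
    ("2020-12-01T09:40", "ws-01", "phishing_attachment"),
    ("2020-12-01T09:00", "ws-01", "port_scan"),
    ("2020-12-01T09:42", "ws-01", "exploit_attempt"),
    ("2020-12-01T10:15", "ws-01", "beacon_to_unknown_host"),
    ("2020-12-01T11:00", "ws-02", "phishing_attachment"),
    ("2020-12-01T11:05", "ws-02", "disk_almost_full"),  # not attack-related
]

def chain_progress(alerts):
    """Summarise, per host, how far along the kill chain the alerts reach."""
    observed = defaultdict(set)  # host -> indexes of stages that raised an alert
    first = {}                   # host -> stage of the earliest mapped alert
    for _ts, host, kind in sorted(alerts):  # ISO timestamps sort chronologically
        stage = ALERT_STAGE.get(kind)
        if stage is None:
            continue  # alert types with no stage mapping are ignored
        observed[host].add(STAGES.index(stage))
        first.setdefault(host, stage)
    report = {}
    for host, idxs in observed.items():
        furthest = max(idxs)
        report[host] = {
            "first_opportunity": first[host],  # earliest point to interrupt
            "furthest": STAGES[furthest],
            # Earlier stages with no alert: possible detection gaps.
            "gaps": [STAGES[i] for i in range(furthest)
                     if i not in idxs and STAGES[i] not in UNOBSERVABLE],
        }
    return report
```

A stage listed under `gaps` means the attack passed through it without any alert, which is where detection coverage should be reviewed first.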
- Kim, H., Kwon, H. and Kim, K., 2018. Modified cyber kill chain model for multimedia service environments. Multimedia Tools and Applications, [online] 78(3), pp.3153-3170. Available at: <https://search-proquest-com.proxy.library.dmu.ac.uk/docview/2022765173?pq-origsite=summon> [Accessed 6 December 2020].
- Medium. 2020. Cycraft Classroom: MITRE ATT&CK Vs. Cyber Kill Chain Vs. Diamond Model. [online] Available at: <https://medium.com/cycraft/cycraft-classroom-mitre-att-ck-vs-cyber-kill-chain-vs-diamond-model-1cc8fa49a20f> [Accessed 6 December 2020].
- Zhou, X., Xu, Z., Wang, L., Chen, K., Chen, C., and Zhang, W., 2018. Kill Chain For Industrial Control System. [ebook] Beijing: EDP Sciences. Available at: <https://www.matec-conferences.org/articles/matecconf/pdf/2018/32/matecconf_smima2018_01013.pdf> [Accessed 6 December 2020].
Peer to peer review
Hi Reema
In general, your blog is nice in my personal opinion. You are doing research about interesting topics, your posts have nice pictures included, I like the hyperlinks, which you provided somewhere as well. I can see you also improved your references, which are in correct order as well. One thing you can do is provide more background information in your post about "ILOVEYOU virus". It's one of the most known viruses in history, so in my opinion it's nice to describe it.
Many thanks
Daniel
Thank you for your feedback, Daniel. However, the aim behind the "ILOVEYOU Virus" post was to show the social engineering aspect and the procedure which has taken place.