Introduction
Many solutions have been put forward to deal with cyber intrusions over the years. The cyber kill chain is a 7-step, intelligence-driven defense model designed to deal with cyber intrusions at each stage. The fourth phase of the cyber kill chain, exploitation, is when the delivered malware begins exploiting vulnerabilities in the attacked system. During exploitation, the malware's actions follow the weaponization strategy chosen in phase two, which in turn is based on the knowledge gathered during reconnaissance in phase one.
Main body
Once the malware has been delivered onto the system, the malicious program runs on the host machine and initiates the intended attack. The execution is aimed at the vulnerabilities that exist in the attacked system. In this phase, the attackers might install malware code, referred to as a dropper, to execute given commands. Alternatively, the attacker could install malware referred to as a downloader, which downloads additional malware onto the system before executing attack commands. The exploitation seeks vulnerabilities that allow malicious programs and code to run on the host (Hosseini Nejad et al., 2019). The malware includes trojans, viruses, worms, adware, spyware, and ransomware; in some cases, multiple kinds of malware are installed.
Advanced malware can be used to steal sensitive data or to trigger given system events and functions, such as switching off the antivirus program. Consequently, this allows the attacker to gain a given level of control over the attacked system. The exploitation of the vulnerabilities leverages weaknesses in the operating system (Khan et al., 2018). For instance, with ransomware, the malicious code begins encrypting files and blocks the execution of critical operating-system operations, locking out legitimate users of the system. Alternatively, in a virus attack, the malicious program stealthily steals data and carries out other operations over a given period. The attacker then sends commands, including installation commands, to initiate the fifth step, installation of the intended malware.
An information security officer needs to understand the different cyber-attack phases in order to plan measures for identifying, assessing, and mitigating them. In an organization's case, the Chief Information Security Officer (CISO) should implement countermeasures that deal with the exploitation phase of a cyber-attack. If the organization's computer systems have already been infected with malware, the CISO first needs the means to detect the attack. Detection of malicious software can be done through an intrusion detection system (Singh & Govindarasu, 2021). Furthermore, an internet security and antivirus software program can be used to detect malicious programs. The CISO should ensure consistent monitoring and scanning of the applications and files on the computer system.
There is a need to deny the execution of malicious code on the systems. This can be done through regular password changes and by keeping the operating system constantly updated. Once the malware has been detected in the system and denied the chance to execute, countermeasures are needed to disrupt the exploitation. This includes launching commands against the malicious code, such as redirecting its commands to a sandbox to learn the program's weaponization (Ali, 2017). Trusted zones that the malicious code has not affected should also be created; the malicious code can then be isolated so that it runs its commands only in a contained section of the system. Finally, the information security officer should install app-aware systems based on artificial intelligence to learn, detect, and mitigate malware code execution.
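The detection side of the countermeasures above is easier to see with a concrete check. The following is an added example, not code from the essay or from any of the cited works: a small host-event correlator that runs over constructed process, network, and file events (the log format, the process ids, the paths, and the service watchlist are all assumptions made for the example) and flags three behaviours the text describes in the exploitation phase: a downloader that connects out, writes an executable, and launches it; an attempt to stop a security service; and a process renaming many files to one new extension, as ransomware does.

```python
"""Toy host-event correlator for exploitation-phase behaviour (added example).

Events are constructed sample telemetry in a hypothetical one-line-per-event
format: "<time> <KIND> key=value key=value ...". Nothing here is real data.
"""
import re
from collections import Counter, defaultdict

# Constructed sample telemetry. 203.0.113.0/24 is a documentation address range.
SAMPLE_EVENTS = r"""
10:00:01 PROC pid=410 ppid=200 image=C:\Users\alice\Downloads\invoice.exe
10:00:02 NET pid=410 dst=203.0.113.7:443
10:00:03 FILE pid=410 op=write path=C:\Users\alice\AppData\Local\Temp\update.exe
10:00:04 PROC pid=412 ppid=410 image=C:\Users\alice\AppData\Local\Temp\update.exe
10:00:05 PROC pid=413 ppid=412 image=C:\Windows\System32\sc.exe args="stop WinDefend"
10:00:06 FILE pid=412 op=rename src=C:\Users\alice\Documents\q1.docx dst=C:\Users\alice\Documents\q1.docx.locked
10:00:07 FILE pid=412 op=rename src=C:\Users\alice\Documents\q2.xlsx dst=C:\Users\alice\Documents\q2.xlsx.locked
10:00:08 FILE pid=412 op=rename src=C:\Users\alice\Documents\q3.pdf dst=C:\Users\alice\Documents\q3.pdf.locked
10:00:09 PROC pid=500 ppid=200 image=C:\Tools\editor.exe
10:00:10 FILE pid=500 op=rename src=C:\Users\alice\Documents\notes.txt dst=C:\Users\alice\Documents\notes.bak
10:00:11 FILE pid=500 op=write path=C:\Users\alice\Documents\draft.docx
"""

# Assumed watchlist of security-service names (lower-cased) whose stopping is suspicious.
SECURITY_SERVICES = {"windefend", "mpssvc"}

_KV = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_events(text):
    """Parse the hypothetical event format into a list of dicts, in log order."""
    events = []
    for line in text.strip().splitlines():
        ts, kind, rest = line.split(maxsplit=2)
        fields = {"ts": ts, "kind": kind}
        for key, value in _KV.findall(rest):
            fields[key] = value.strip('"')
        events.append(fields)
    return events


def detect_download_then_execute(events):
    """Downloader pattern: a process connects out, writes an executable, then
    spawns a child whose image is the file it just wrote.
    Returns (parent pid, child pid, child image) per hit."""
    connected = set()                 # pids that have made an outbound connection
    written = defaultdict(set)        # pid -> files written after connecting
    hits = []
    for ev in events:                 # events are chronological, so order is meaningful
        pid = ev.get("pid")
        if ev["kind"] == "NET":
            connected.add(pid)
        elif ev["kind"] == "FILE" and ev.get("op") == "write" and pid in connected:
            written[pid].add(ev["path"].lower())
        elif ev["kind"] == "PROC":
            parent = ev.get("ppid")
            if ev["image"].lower() in written.get(parent, ()):
                hits.append((parent, pid, ev["image"]))
    return hits


def detect_security_service_stop(events):
    """Flag sc.exe invocations that stop a watch-listed security service."""
    hits = []
    for ev in events:
        if ev["kind"] != "PROC":
            continue
        args = ev.get("args", "").lower()
        if ev["image"].lower().endswith("sc.exe") and args.startswith("stop"):
            target = args.split()[-1]
            if target in SECURITY_SERVICES:
                hits.append((ev["pid"], target))
    return hits


def detect_mass_rename(events, threshold=3):
    """Flag a process that renames at least `threshold` files to one new extension,
    the file-level signature of bulk encryption."""
    per_pid = defaultdict(Counter)    # pid -> Counter of new extensions
    for ev in events:
        if ev["kind"] == "FILE" and ev.get("op") == "rename":
            ext = ev["dst"].rsplit(".", 1)[-1].lower()
            per_pid[ev["pid"]][ext] += 1
    return [(pid, ext, n) for pid, c in per_pid.items()
            for ext, n in c.items() if n >= threshold]


def run_detections(text=SAMPLE_EVENTS):
    """Run all three detectors over one log and return their hits by name."""
    events = parse_events(text)
    return {
        "download_then_execute": detect_download_then_execute(events),
        "security_service_stop": detect_security_service_stop(events),
        "mass_rename": detect_mass_rename(events),
    }


if __name__ == "__main__":
    for name, hits in run_detections().items():
        print(name, hits)
```

On the constructed log, the benign editor process (pid 500) writes and renames files but is never flagged: it made no outbound connection, and it renamed only one file. The three alerts all trace back to the downloaded `invoice.exe` chain, which is the kind of evidence an intrusion detection system or endpoint agent would surface during the exploitation phase.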
Conclusion
In conclusion, the cyber kill chain is a 7-step model that describes the different stages of a cyberattack. In the exploitation phase, malicious code begins running on the host computer and creates a loophole for installing more malicious programs, giving the attacker more control of the system. An information security officer should employ the countermeasures shared above to deal with this phase of an attack.
References
Ali, A. (2017). Ransomware: A research and a personal case study of dealing with this nasty malware. Issues in Informing Science and Information Technology, 14, 87-99.
Hosseini Nejad, R., Haddad Pajouh, H., Dehghantanha, A., & Parizi, R. M. (2019). A cyber kill chain based analysis of remote access trojans. In A. Dehghantanha & K-K. R. Choo (Eds.), Handbook of big data and IoT security (pp. 273-299). Springer.
Khan, M. S., Siddiqui, S., & Ferens, K. (2018). A cognitive and concurrent cyber kill chain model. In K. Daimi (Ed.), Computer and network security essentials (pp. 585-602). Springer.
Singh, V. K., & Govindarasu, M. (2021). Cyber kill chain-based hybrid intrusion detection system for smart grid. In H. Haes Alhelou et al. (Eds.), Wide area power systems stability, protection, and security (pp. 571-599). Springer.