
Aspects of the Cyber Kill Chain Essay (Article)

Updated: Aug 22nd, 2022

The threat of cyber attacks on computer networks and data grows along with the development of technology. To defend a network, professionals and analysts should constantly monitor the system and regularly fix its vulnerabilities. It is also essential to predict possible future adversary campaigns aimed at data exfiltration or violation of data integrity. With the emergence of so-called Advanced Persistent Threats (APTs), the traditional incident response methods proved ineffective. An APT is an attack campaign in which an intruder or a group of intruders gains access to the network in order to maintain a long-term, illicit presence (Lord, 2018).

That presence is needed to fulfill the objective of data mining and theft. Such intrusions often remain undetected by conventional security measures such as defense-in-depth, antivirus, and firewall solutions. For that reason, Lockheed Martin's researchers introduced an intrusion kill chain framework that helps defend computer networks by breaking attacks down into progressive phases (Hutchins et al., 2011). The main idea behind it is to respond early in the attack instead of focusing on post-compromise phases and effects.

The framework consists of the separate steps of an APT campaign: reconnaissance (search for system vulnerabilities), weaponization (creation of a remote access weapon), and delivery (transmission of the weapon). It continues with exploitation (the malware program in action), installation (a backdoor), command and control (seizure of administration rights), and actions on objectives (encryption for ransom or data exfiltration) (Hospelhorn, 2020). For computer scientists, the pre-compromise stages of an attack seem more attractive because of their decisive role in the successful prevention and mitigation of APTs.

The incident response approach is deemed ineffective since analysis and defensive action often come too late (at the installation and C2 steps). Instead, Hutchins et al. (2011) suggest moving analysis and detection efforts up the kill chain, covering all intrusion phases. Naturally, an APT and any data manipulation become possible only if the adversary manages to pass all the mentioned stages successfully, one after another. Defenders have a chance to turn the intruders' persistence to their own advantage, since intruders reuse infrastructure and tools for economic reasons.

What is more, the kill chain helps to collect information on unsuccessful attempts and to reveal new exploits before any damage is done. For instance, if an adversary reused a known indicator when sending a targeted malicious email, the email would be blocked and data theft prevented at the delivery stage (Hutchins et al., 2011). Nevertheless, further analysis of the email and of the rest of the targeted chain may reveal the presence of a new backdoor or exploit. This limits the chance that a future intrusion goes undetected merely because it uses a different delivery method. Thus, the method allows defenders to set courses of action along the chain, detect vulnerabilities early, mitigate future attacks, and enjoy a tactical advantage over intruders.
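The reuse argument above, as an added example (not code from the essay or from Hutchins et al.): a toy Python model in which every campaign, indicator type and value is constructed, showing that an indicator mined from the whole blocked chain still catches a second campaign that changes only its delivery, whereas the delivery-stage indicator alone lets it run to completion.

```python
# Kill-chain indicator model, added here as an illustration; not from the essay
# or from Hutchins et al. All campaigns, indicator names and values are constructed.
PHASES = ("reconnaissance", "weaponization", "delivery", "exploitation",
          "installation", "command_and_control", "actions_on_objectives")


def first_detection(events, known):
    """Walk an intrusion's ordered (phase, indicators) events and return the
    first phase at which a known indicator is observed, with that indicator.
    Returns None when the whole chain would run to completion unnoticed."""
    for phase, indicators in events:
        assert phase in PHASES, phase
        hit = indicators & known
        if hit:
            return phase, min(hit)
    return None


def mine_indicators(events):
    """Collect every indicator from a fully analysed intrusion, the essay's
    'further analysis of the email and the chain', regardless of phase."""
    return {ind for _, indicators in events for ind in indicators}


# Constructed campaign 1: a targeted email that was blocked on a known sender.
CAMPAIGN_1 = [
    ("delivery", {("sender", "payroll@example.invalid"),
                  ("attachment_sha256", "constructed-hash-1")}),
    ("exploitation", {("macro_dropper", "constructed-dropper-signature")}),
    ("installation", {("dropped_path", "C:/Users/Public/updater.exe")}),
    ("command_and_control", {("c2_domain", "cdn-sync.example.invalid")}),
    ("actions_on_objectives", {("exfil_host", "files.example.invalid")}),
]
# Constructed campaign 2: same tooling, but delivered as a web link from a
# different sender, so the delivery-stage sender indicator alone will not match.
CAMPAIGN_2 = [
    ("delivery", {("sender", "it-helpdesk@example.invalid"),
                  ("download_url", "https://example.invalid/invoice.docm"),
                  ("attachment_sha256", "constructed-hash-1")}),
    ("exploitation", {("macro_dropper", "constructed-dropper-signature")}),
    ("installation", {("dropped_path", "C:/Users/Public/updater.exe")}),
    ("command_and_control", {("c2_domain", "cdn-sync.example.invalid")}),
    ("actions_on_objectives", {("exfil_host", "files.example.invalid")}),
]

DELIVERY_ONLY = {("sender", "payroll@example.invalid")}  # what blocked campaign 1
FULL_CHAIN = mine_indicators(CAMPAIGN_1)                 # mined from the whole chain


def compare():
    """Detection outcome for campaign 2 with delivery-only vs full-chain indicators."""
    return first_detection(CAMPAIGN_2, DELIVERY_ONLY), first_detection(CAMPAIGN_2, FULL_CHAIN)
```

With only the sender indicator, `compare()` reports `None` for campaign 2 (undetected through actions on objectives); with the full-chain indicators it is stopped at delivery on the reused attachment hash.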

The authors also reveal other primary reasons to focus on the pre-compromise phases, those before exploitation. Fewer indicators are available for the exploitation, installation, and C2 phases, which increases the Advanced Persistent Threat's chances of remaining unnoticed by the system (Korolov & Myers, 2018). The adversary may also apply a different installer or backdoor that overcomes the available mitigations. Hence, defenders' top priority is to prevent the compromise itself. For that reason, the early phases are more critical and receive more attention from the researchers in the article. The cyber kill chain is an essential security and management tool that helps to enhance system defense gradually.

References

Hospelhorn, S. (2020). . Varonis. Web.

Hutchins, E. M., Cloppert, M. J., & Amin, R. M. (2011). Intelligence-driven computer network defense informed by analysis of adversary campaigns and intrusion kill chains. Leading Issues in Information Warfare & Security Research, 1(1), 113-125.

Korolov, M., & Myers, L. (2018). . CSO. Web.

Lord, N. (2018). . Digitalguardian. Web.
