The cyber kill chain is a security model that describes the successive stages of a cyberattack and thereby helps defenders understand and anticipate them. It is used to prepare for widespread threats such as ransomware, network breaches, data theft, and advanced persistent threats (Velimirovic, 2021). Each intrusion follows a recognizable pattern: reconnaissance of the target, weaponization, delivery, exploitation, installation, establishing a command and control (C&C) channel, and finally actions on objectives, which often means exfiltrating data (Sager, 2014). Understanding how attackers proceed allows defenders to choose the right tools to detect intruders, reduce risk, or stop the attack outright. Reconnaissance, the first stage of any attack, consists of selecting a target and researching it to identify its weaknesses. Because every later stage depends on what is learned here, understanding reconnaissance helps in finding ways to stop many attacks before the victim suffers any loss.
Reconnaissance is the first stage of any attack, during which the attacker gathers the information needed to plan it. It can be performed through public websites, “conferences, blogs, social relationships, mailing lists and network tracing tools”, all of which yield useful data about the target (Yadav & Rao, 2015, p. 440). It also includes “technical tactics such as scanning ports for vulnerabilities, services, and applications to exploit” (Sager, 2014, p. 2). Reconnaissance is commonly classified as passive or active (Velimirovic, 2021). In passive reconnaissance the attacker studies the target without interacting with its systems, for example by reading its public websites and social media; the victim is unaware of the planned attack and holds no record of the attacker's activity. In active reconnaissance the attacker sends traffic directly to the target's systems, for instance port scans or service probes, to learn which hosts, services, and software versions are exposed. This does not by itself grant access, but it leaves traces in firewall and server logs that a defender can detect. At this stage, attackers identify security weaknesses, candidates for recruitment as insider accomplices, and the tools and authentication mechanisms in use. Reconnaissance therefore gives attackers the knowledge of the target they need to choose a suitable weapon for the next stage.
Defending against the reconnaissance stage of the cyber kill chain includes setting up a firewall, monitoring points of entry and visitor logs for suspicious behavior, and watching for unusual emails, calls, and social media messages, which may be attempts to elicit information from staff. It is also strongly advised to restrict what information about the company is published on the Internet. Moreover, “a detailed analysis in terms of possible attack types is recommended, meaning, for example, DDoS attacks on web servers or mail servers” (Hornetsecurity, n.d., para. 5). The basic principle of detecting an attack during reconnaissance is to identify abnormalities in time: a single probe is easy to miss, but a pattern such as one source contacting many ports on one host within a short period stands out in the logs and gives the defender a better chance to stop the attack before delivery.
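The two preceding paragraphs make a point worth seeing in code: passive reconnaissance leaves the defender nothing to log, but active reconnaissance such as a port scan does, and the log monitoring recommended above can surface it. The following is an added example, not code from the essay or from any of its cited sources. It assumes a simple, constructed firewall log format (epoch timestamp, source IP, destination IP, destination port, ALLOW/DENY) and constructed sample lines; the threshold values are illustrative assumptions, not figures from the sources.

```python
# Added example (not from the essay or its sources): flag active reconnaissance,
# specifically port scanning, in firewall connection logs. The log format, the
# sample lines and the thresholds below are constructed for this illustration.
from collections import defaultdict

# Constructed sample log. Format: "<epoch_seconds> <src_ip> <dst_ip> <dst_port> <action>".
# 203.0.113.7 (a documentation-range address) probes many ports on one host
# within a few seconds; 198.51.100.20 behaves like an ordinary web client.
SAMPLE_LOG = """\
1700000000 198.51.100.20 10.0.0.5 443 ALLOW
1700000001 203.0.113.7 10.0.0.5 21 DENY
1700000001 203.0.113.7 10.0.0.5 22 ALLOW
1700000002 203.0.113.7 10.0.0.5 23 DENY
1700000002 203.0.113.7 10.0.0.5 25 DENY
1700000003 203.0.113.7 10.0.0.5 80 ALLOW
1700000003 203.0.113.7 10.0.0.5 110 DENY
1700000004 203.0.113.7 10.0.0.5 135 DENY
1700000004 203.0.113.7 10.0.0.5 139 DENY
1700000005 203.0.113.7 10.0.0.5 443 ALLOW
1700000005 203.0.113.7 10.0.0.5 445 DENY
1700000006 203.0.113.7 10.0.0.5 3389 DENY
1700000007 198.51.100.20 10.0.0.5 80 ALLOW
1700000100 198.51.100.20 10.0.0.5 443 ALLOW
"""


def parse_line(line):
    """Split one log line into (timestamp, src, dst, port, action)."""
    ts, src, dst, port, action = line.split()
    return int(ts), src, dst, int(port), action


def detect_port_scans(log_text, window_seconds=60, min_distinct_ports=10):
    """Return a dict keyed by (src_ip, dst_ip) for every pair where one source
    touched at least `min_distinct_ports` distinct ports on one host inside a
    sliding window of `window_seconds`. Each value records all ports that source
    touched on that host and how many of those connections the firewall denied:
    a scanner hits closed ports, so a high deny count is a second signal.
    The default thresholds are assumptions; tune them to the environment."""
    by_pair = defaultdict(list)  # (src, dst) -> [(ts, port, action), ...]
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, port, action = parse_line(line)
        by_pair[(src, dst)].append((ts, port, action))

    alerts = {}
    for pair, hits in by_pair.items():
        hits.sort()  # order by timestamp
        start = 0
        for end in range(len(hits)):
            # Shrink the window from the left until it spans <= window_seconds.
            while hits[end][0] - hits[start][0] > window_seconds:
                start += 1
            ports_in_window = {port for _, port, _ in hits[start:end + 1]}
            if len(ports_in_window) >= min_distinct_ports:
                alerts[pair] = {
                    "ports": sorted({port for _, port, _ in hits}),
                    "denied": sum(1 for _, _, action in hits if action == "DENY"),
                }
                break  # one alert per (src, dst) pair is enough
    return alerts


if __name__ == "__main__":
    for (src, dst), info in detect_port_scans(SAMPLE_LOG).items():
        print(f"possible port scan: {src} -> {dst}, "
              f"{len(info['ports'])} distinct ports, {info['denied']} denied")
```

Run as a script, it reports 203.0.113.7 touching 11 distinct ports on 10.0.0.5 with 8 denied connections, while the web client is not flagged. The same logic applied to live firewall exports is the "identify abnormalities in time" step: the scan is visible seconds after it starts, well before the attacker moves on to delivery. Note that a slow scan spread over hours defeats a 60-second window, which is why the window and port count are parameters rather than fixed values.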
In conclusion, the cyber kill chain is a defensive model that describes the stages of an attack so that potential targets can secure their systems against it. Analyzing each step an attacker takes helps to detect threats and allows the defender to reduce risk or prevent the intrusion altogether. Understanding the reconnaissance stage is crucial, because it allows the attacker's actions to be identified early enough to stop the attack. During this step, attackers collect information about the target's activities, systems, and employees, and search for weak points in order to decide which weapon suits the victim. Several methods help to protect against this, including firewalls, restricting what is published about the company on the Internet, and monitoring resources for suspicious activity. All of them aim to detect the intruder during reconnaissance, before any damage is done.
References
Hornetsecurity. (n.d.). Cyber kill chain: Increasing IT security in companies step-by-step. Web.
Sager, T. (2014). Killing advanced threats in their tracks: An intelligent approach to attack prevention. SANS Institute Information Security Reading Room.
Velimirovic, A. (2021). What is a cyber kill chain? phoenixNAP. Web.
Yadav, T., & Rao, A. M. (2015). Technical aspects of the cyber kill chain. Third International Symposium on Security in Computing and Communications (SSCC’15), 536, 438-452. Web.