Tools That Can Be Used in the Installation Stage
Cyber-attacks have evolved to become more sophisticated than industry practitioners anticipated. It is therefore even more critical to catch intruders before they cause damage and to gain intelligence about them in the process. Lockheed Martin created the Cyber Kill Chain to help stop cyber intrusions, and it has since been refined to reflect the growing sophistication of cyberattacks. The seven steps involved are reconnaissance, weaponization, delivery, exploitation, installation, command and control, and finally, actions on objectives (Khan et al., 2018). This discussion reviews the tools used in the installation stage of the Cyber Kill Chain.
One of the tools used is AutoRun keys, which cause a program to run each time a specific event occurs. For example, a key may be set so that entered data is picked up each time a user logs in. Other malware targets the computer itself, such as a botnet agent or a backdoor. Malware can also reach the computer through links sent, for instance, by email, and many attackers incorporate social engineering into their attack (Shin et al., 2018). For instance, around Black Friday an attacker may send employees a promotional link highlighting good deals; when they click on the link, they unknowingly download malware. A hack tool is also used, which creates malware by adding an unauthorized user to the list of permitted users and then deleting the logs so that the attacker cannot be traced in the system.
Another tool is VirTool, whose purpose is to prevent antivirus software from detecting a malicious program by modifying the program so that it fits the whitelist. If an antivirus cannot detect a malicious program, it cannot prevent that program from doing anything. Other attackers use constructors, which are programs designed to create new viruses, worms, and trojans by generating malicious code or files (Shalaginov et al., 2021). There are also denial-of-service programs that send excess traffic to communication channels, so that other computers on the domain cannot send requests. Users keep trying to perform a task, but the request does not go through because the attacker has sent more requests than the channel can carry.
Advice to the CISO
As the Chief Information Security Officer, you need to be one step ahead of the attacker, as this is a critical stage. To counter it, first and foremost, make use of a Host-Based Intrusion Prevention System. Make sure you can find out whether the malware requires any privileges, for instance, administrative privileges. Ensure the security team implements endpoint process auditing to discover abnormal file creation (Mahboubi et al., 2020). Logs should cover the period during which the malware was active and should record its behaviour, such as what must run to give it access. This helps in finding solutions to tackle the malware that has infected the system.
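The following is an added example, not part of the original essay, showing what the endpoint process auditing recommended above might look like in practice: a small routine that scans a constructed batch of endpoint events for two installation-stage signals discussed earlier, writes to AutoRun registry keys and executables created in user-writable or startup locations. The event records, the trusted-writer allow-list and the path patterns are assumptions chosen for illustration and would be tuned to a real environment.

```python
"""
Added example (not from the original essay): a detection pass over constructed
endpoint telemetry for two installation-stage signals:
  1. modifications to AutoRun registry keys (persistence), and
  2. executable files created in user-writable or startup directories.
Event data, allow-lists and path patterns below are assumptions for illustration.
"""
from dataclasses import dataclass
import re

# AutoRun registry locations, matched case-insensitively against the key path.
AUTORUN_KEY_PATTERNS = [
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run$",
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce$",
]

# Directories in which a newly created executable is unusual for an ordinary user.
SUSPICIOUS_DIRS = [
    r"\\AppData\\Local\\Temp\\",
    r"\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\",
    r"^C:\\Users\\Public\\",
]

EXECUTABLE_EXT = re.compile(r"\.(exe|dll|scr|bat|vbs|ps1|js)$", re.IGNORECASE)

# Processes whose registry and file writes are expected (assumed allow-list).
TRUSTED_WRITERS = {"msiexec.exe", "setup.exe", "TrustedInstaller.exe"}


@dataclass
class Finding:
    user: str
    process: str
    reason: str
    target: str


def _matches_any(patterns, text):
    return any(re.search(p, text, re.IGNORECASE) for p in patterns)


def audit_events(events):
    """Return a Finding for each event that looks like installation-stage activity."""
    findings = []
    for ev in events:
        proc = ev["process"]
        if proc in TRUSTED_WRITERS:
            continue  # expected installer activity; skip
        if ev["type"] == "registry_set" and _matches_any(AUTORUN_KEY_PATTERNS, ev["key"]):
            target = f'{ev["key"]}\\{ev["value_name"]} = {ev["data"]}'
            findings.append(Finding(ev["user"], proc, "autorun key modified", target))
        elif (ev["type"] == "file_create"
              and EXECUTABLE_EXT.search(ev["path"])
              and _matches_any(SUSPICIOUS_DIRS, ev["path"])):
            findings.append(Finding(ev["user"], proc,
                                    "executable created in user-writable location",
                                    ev["path"]))
    return findings


# Constructed sample telemetry: a phishing lure opened from mail, a dropped
# executable, a persistence write, a legitimate installer, and normal document work.
SAMPLE_EVENTS = [
    {"type": "file_create", "user": "jdoe", "process": "outlook.exe",
     "path": r"C:\Users\jdoe\AppData\Local\Temp\BlackFridayDeals.pdf"},
    {"type": "file_create", "user": "jdoe", "process": "AcroRd32.exe",
     "path": r"C:\Users\jdoe\AppData\Local\Temp\updater.exe"},
    {"type": "registry_set", "user": "jdoe", "process": "updater.exe",
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
     "value_name": "Updater", "data": r"C:\Users\jdoe\AppData\Local\Temp\updater.exe"},
    {"type": "registry_set", "user": "SYSTEM", "process": "msiexec.exe",
     "key": r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run",
     "value_name": "VendorAgent", "data": r"C:\Program Files\Vendor\agent.exe"},
    {"type": "file_create", "user": "jdoe", "process": "winword.exe",
     "path": r"C:\Users\jdoe\Documents\report.docx"},
]


def audit_sample():
    """Run the audit over the constructed sample; returns two findings."""
    return audit_events(SAMPLE_EVENTS)


if __name__ == "__main__":
    for f in audit_sample():
        print(f"[{f.reason}] user={f.user} process={f.process} -> {f.target}")
```

Only the dropped executable and the Run-key write by that executable are flagged; the PDF lure, the installer's own Run-key entry and the ordinary document write pass, which is the point of pairing a location check with a trusted-writer allow-list rather than alerting on every file creation.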
It also helps to check that all systems, especially the operating system, are up to date. If they are not, an attacker might exploit vulnerabilities in the current version, so it is crucial to make sure all systems are patched and updated. Conduct an asset inventory to discover which devices, with what permissions, have been targeted; IoT devices should also be included in the inventory. Afterward, consider holding a company-wide workshop on cybersecurity awareness, which would be especially useful to non-technical employees. Warning users against inserting unknown memory sticks or clicking on phishing links will make a significant difference.
References
Khan, M. S., Siddiqui, S., & Ferens, K. (2018). A cognitive and concurrent cyber kill chain model. In Computer and Network Security Essentials (pp. 585-602). Springer, Cham.
Mahboubi, A., Ansari, K., & Camtepe, S. (2020). Using Process Mining to Identify File System Metrics Impacted by Ransomware Execution. In International Conference on Mobile, Secure, and Programmable Networking (pp. 57-71). Springer, Cham.
Shalaginov, A., Dyrkolbotn, G. O., & Alazab, M. (2021). Review of the Malware Categorization in the Era of Changing Cybethreats Landscape: Common Approaches, Challenges and Future Needs. In Malware Analysis Using Artificial Intelligence and Deep Learning (pp. 71-96). Springer, Cham.
Shin, K., Kim, K. M., & Lee, J. (2018). A Study on the Concept of Social Engineering Cyber Kill Chain for Social Engineering based Cyber Operations. Journal of The Korea Institute of Information Security & Cryptology, 28(5), 1247-1258.