Cyber kill chain.docx
1. Please read and offer commentary on the Cyber Kill Chain, its relevance to Incident Response, and any
enhancements you might offer. It was initially designed for intrusions; can it be expanded to other cyber
threats?
The Cyber Kill Chain is a model that describes a cyber-attack as a sequence of stages, from the
attacker's first preparation to the final result. There are seven stages, and each one describes an
action the attacker must complete before moving on to the next. The seven stages of the CKC are
reconnaissance, weaponization, delivery, exploitation, installation, command and control, and
actions on objectives. Because the stages occur in that order, a defender can map a course of action
to each one and attempt to detect, deny, disrupt, degrade, deceive, or destroy the attacker's activity
at that stage. Breaking the chain at any stage stops the intrusion from reaching its goal, and the
earlier it is broken, the less there is to recover. Each intrusion is still unique, so the chain of
events remains complex in its response and recovery process.
The first stage of the cyber kill chain is reconnaissance. This is the stage where the
attacker surveys the target: looking up public information about the organization, its people, and
its Internet-facing systems, and scanning those systems for weaknesses. There are usually several
places where an attacker can find a way in, and some are more obvious than others. In order to get
ahead of this, you want to survey your own systems so that you notice the exposure before the
wrong person does. A good way of doing this is to log and review the activity on your externally
reachable services (web server, DNS, and firewall logs), where probing and scanning from a single
source stands out, and to reduce what is exposed in the first place. The second stage is
weaponization. This is where the attacker builds the attack. Commonly an exploit or malicious
code is packaged inside something the target will open, such as a document, an application
installer, or an archive. The malicious part is hidden and only activates later, when the file is
opened. Weaponization happens on the attacker's side, so the defender rarely sees it directly; what
the defender does see is the result, which is usually delivered through social engineering such as a
phishing e-mail, one of the most common ways in. The third stage of the process is delivery,
which follows once the weapon has been built.
Delivery- In this stage, the attacker transmits the weapon to the targeted machine, most often as an
e-mail attachment, a link to a malicious website, or removable media such as a USB drive. At this
point the machine can still be safe, because the payload has only been presented to the user and
has not yet run. This is when users must use good judgement about what to open, and when mail
and web filtering has its best chance to block the attachment or link before anyone clicks. Within
the example, the client (the attacker in this scenario) sent the bank teller an e-mail with a form
attached. The form was meant to show the teller information for the day's withdrawals, but it also
contained malware. The bank teller did not use proper caution when opening files from clients
and downloaded it without hesitation. Once the file was opened, the client knew he would be able
to exploit the system.
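The delivery stage is the last point at which the weapon can be stopped before anything runs on the teller's machine, so it is worth showing what an attachment filter at the mail gateway actually checks. The following is an added example written for this page, not code from the original essay or from any mail product. It judges each attachment on its file name and on its leading bytes: directly executable extensions and document-then-executable double extensions such as form.pdf.exe are quarantined, a file whose bytes do not match what its extension promises is quarantined, and macro-capable Office files are routed to a sandbox for detonation rather than straight to the user. The extension lists and the sample attachments are constructed for illustration.

```python
"""Screen inbound e-mail attachments at the delivery stage of the kill chain.

Added example, not from the original essay or any mail product. The verdicts
are "deliver", "detonate" (open in a sandbox first) or "quarantine". The
sample attachments at the bottom are constructed.
"""
from dataclasses import dataclass, field

EXECUTABLE_EXT = {"exe", "scr", "com", "pif", "js", "jse", "vbs", "hta",
                  "cmd", "bat", "ps1", "lnk", "jar", "msi"}
MACRO_EXT = {"docm", "xlsm", "pptm", "dotm", "xltm"}
DOCUMENT_EXT = {"pdf", "doc", "docx", "xls", "xlsx", "txt", "jpg", "png"}

# Leading bytes ("magic numbers") of a few container formats.
MAGIC = [
    (b"MZ", "pe"),                 # Windows executable (EXE, DLL, SCR)
    (b"PK\x03\x04", "zip"),        # ZIP; also OOXML (docx/xlsx) and JAR
    (b"%PDF", "pdf"),
    (b"\xd0\xcf\x11\xe0", "ole"),  # legacy Office binary (doc/xls), may hold VBA
]
# What the content of a given extension should look like.
EXPECTED_KIND = {"pdf": "pdf", "docx": "zip", "xlsx": "zip", "docm": "zip",
                 "xlsm": "zip", "doc": "ole", "xls": "ole", "zip": "zip",
                 "jar": "zip"}


@dataclass
class Attachment:
    name: str
    head: bytes  # first bytes of the file body


@dataclass
class Verdict:
    name: str
    action: str  # "deliver", "detonate" or "quarantine"
    reasons: list = field(default_factory=list)


def content_kind(head):
    """Classify a file by its leading bytes, independent of its name."""
    for sig, kind in MAGIC:
        if head.startswith(sig):
            return kind
    return "unknown"


def screen(att):
    """Apply the name and content checks to one attachment."""
    parts = att.name.lower().split(".")
    ext = parts[-1] if len(parts) > 1 else ""
    kind = content_kind(att.head)
    block, sandbox = [], []
    if ext in EXECUTABLE_EXT:
        block.append(f"executable extension .{ext}")
    # Double extension: a document type hidden before a non-document suffix.
    if len(parts) > 2 and parts[-2] in DOCUMENT_EXT and ext not in DOCUMENT_EXT:
        block.append(f"document extension hidden before .{ext}")
    # The name promises one format but the bytes say another.
    if ext in EXPECTED_KIND and kind != EXPECTED_KIND[ext]:
        block.append(f"content looks like {kind}, not .{ext}")
    if kind == "pe" and ext not in EXECUTABLE_EXT:
        block.append("executable content under a non-executable name")
    # Macro-capable documents are not blocked outright but detonated first.
    if ext in MACRO_EXT or (kind == "ole" and ext in {"doc", "xls"}):
        sandbox.append("macro-capable Office document")
    if block:
        return Verdict(att.name, "quarantine", block)
    if sandbox:
        return Verdict(att.name, "detonate", sandbox)
    return Verdict(att.name, "deliver")


def screen_all(attachments):
    return [screen(a) for a in attachments]


# Constructed attachments, including the teller's "form" in two disguises.
SAMPLE = [
    Attachment("withdrawals.pdf", b"%PDF-1.7\n"),
    Attachment("withdrawals.pdf.exe", b"MZ\x90\x00\x03"),
    Attachment("form.pdf", b"MZ\x90\x00\x03"),
    Attachment("form.docm", b"PK\x03\x04\x14\x00"),
    Attachment("form.doc", b"\xd0\xcf\x11\xe0\xa1\xb1"),
]

if __name__ == "__main__":
    for v in screen_all(SAMPLE):
        print(f"{v.name:22} {v.action:10} {'; '.join(v.reasons)}")
```

The magic-number check is what catches the case the extension check alone misses: an executable renamed to form.pdf still begins with MZ. A real gateway would also look inside archives and strip or neutralize macros rather than only sandboxing them.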
Exploitation- This is the stage where the malicious code is triggered. The exploit takes advantage of
a vulnerability in an application, in the operating system, or in the user (for example, a macro the
user is tricked into enabling) and runs the attacker's code on the victim machine. It is important to
have policy restrictions in place, such as keeping software patched, running users without
administrative rights, and disabling macros in documents from outside the organization, so that
the exploit is not as easily executed.
This study source was downloaded by 100000794300189 from CourseHero.com on 12-12-2021 15:46:44 GMT -06:00
https://www.coursehero.com/file/31240940/cyber-kill-chaindocx/
Installation- This stage is where the intruder installs the malware on the victim machine and
establishes persistent access. It is a backdoor, and the user is unaware of when it was installed or
where to look for it. This is why endpoint and network scans should be done often to search for
unusual activity, such as new services, scheduled tasks, or startup entries. If the attacker is caught
at this stage, there is a good chance that the information has not yet been compromised. Time is
vital in the instance of an intrusion.
Command and Control- This stage is where the malware opens a channel back to the attacker's
server, and the attacker is able to operate the machine as if they had their hands on the keyboard.
They can reach the documents, files, and the rest of the system that the compromised account
can reach. Because this channel has to cross the network boundary, this is also where outbound
(egress) controls matter most: filtering outbound traffic through a proxy, blocking known-bad
domains and addresses, and watching for hosts that call out to the same destination on a regular
schedule. As a preventative measure it is also important to have sensitive information encrypted
and protected by separate credentials. Once an attacker controls the machine, areas that require
their own credentials are roadblocks to the attack, and encrypted information would be more
difficult for them to read. Within the example, the lax anti-virus software on the machines did not
enforce such security measures. The system was open and completely vulnerable for the attacker
to exploit. The example explains how security cameras were then used to access the machines
that were not on the network.
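Command and control is the stage the defender can usually see from the network, because the implant has to keep calling out. The following is an added example for this page, not code from the original essay or from any product, showing the timing check described above. Malware that phones home generally does so on a timer, so the gaps between one host's connections to one destination are far more regular than a person's browsing. The code groups proxy log entries by (source, destination), measures how spread out the intervals are (standard deviation divided by the mean), and flags pairs that connect often with very little variation. The log lines are constructed; the addresses are from documentation ranges.

```python
"""Spot command-and-control beaconing in outbound proxy logs.

Added example, not from the original essay. The log format, the thresholds
and the addresses are assumptions made for the illustration.
"""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed proxy log: "<timestamp> <src> <dst> <path>".
# 10.0.5.23 hits 198.51.100.7 about every 60 s with a little jitter,
# while 10.0.5.40 is a person browsing at irregular intervals.
PROXY_LOG = """\
2021-12-01T09:00:00 10.0.5.23 198.51.100.7 /update/check
2021-12-01T09:00:05 10.0.5.40 203.0.113.10 /news
2021-12-01T09:00:07 10.0.5.40 203.0.113.10 /news/story-1
2021-12-01T09:01:02 10.0.5.23 198.51.100.7 /update/check
2021-12-01T09:01:59 10.0.5.23 198.51.100.7 /update/check
2021-12-01T09:03:01 10.0.5.23 198.51.100.7 /update/check
2021-12-01T09:03:40 10.0.5.40 203.0.113.10 /sports
2021-12-01T09:03:41 10.0.5.40 203.0.113.10 /sports/scores
2021-12-01T09:04:00 10.0.5.23 198.51.100.7 /update/check
2021-12-01T09:04:58 10.0.5.23 198.51.100.7 /update/check
2021-12-01T09:06:01 10.0.5.23 198.51.100.7 /update/check
2021-12-01T09:10:02 10.0.5.40 203.0.113.10 /weather
2021-12-01T09:25:11 10.0.5.40 203.0.113.10 /weather/radar
"""


def parse(log):
    """Yield (timestamp, src, dst) for each well-formed line; skip the rest."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) < 3:
            continue
        try:
            ts = datetime.strptime(parts[0], "%Y-%m-%dT%H:%M:%S")
        except ValueError:
            continue
        yield ts, parts[1], parts[2]


def beacon_candidates(log, min_hits=6, max_cv=0.15):
    """Return {(src, dst): stats} for pairs whose timing looks machine-driven.

    cv is the coefficient of variation of the inter-connection gaps; a human
    browsing session lands well above 1.0, a timer-driven implant near 0.
    """
    times = defaultdict(list)
    for ts, src, dst in parse(log):
        times[(src, dst)].append(ts)
    flagged = {}
    for pair, stamps in times.items():
        if len(stamps) < min_hits:
            continue  # too few samples to judge regularity
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        if avg <= 0:
            continue  # everything in the same second: a burst, not a beacon
        cv = pstdev(gaps) / avg
        if cv <= max_cv:
            flagged[pair] = {"hits": len(stamps),
                             "mean_interval_s": round(avg, 1),
                             "cv": round(cv, 3)}
    return flagged


if __name__ == "__main__":
    for (src, dst), stats in beacon_candidates(PROXY_LOG).items():
        print(f"possible beacon {src} -> {dst}: {stats}")
```

On the constructed log only the 10.0.5.23 to 198.51.100.7 pair is flagged (seven hits, roughly 60 seconds apart, cv about 0.04). Real implants add random jitter to defeat exactly this check, which is why the threshold is a parameter and why this is one signal to combine with destination reputation and egress filtering rather than a verdict on its own.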
Actions on Objectives- This is where the attacker takes action to achieve the goal of the
intrusion. This is where data is extracted, destroyed, or encrypted for ransom, or where the attacker
moves on to other systems. At this point the system has been completely compromised. There are
still a few measures one may take to prevent the entire environment from being accessed. You
may disrupt the outbound traffic so that data cannot leave, or interfere with the attacker's control
of the machine. The best bet is to have a segmented network in order to hold the attacker to the
one section they originally accessed. Within the example, the attacker was then able to insert an
infected USB drive into the air-gapped machine to extract all the other files. That step gave the
attacker access to files that the separation of the networks alone had kept out of reach.
These stages can be used to organize prevention as well as the response to and recovery from an
attack. In incident response, mapping each observed indicator to its stage shows how far the
intrusion progressed, which earlier stages went unseen, and where the chain can still be broken.
Figure 2 breaks them down into a chart for a visual of how it all works.
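To make the incident-response use of the chain concrete, here is an added example written for this page (not the essay's own material and not any vendor tool). It takes alerts from a hypothetical environment that are already labelled with the kill-chain stage they evidence, works out the furthest stage the intrusion reached, lists the earlier stages where no sensor fired (visibility gaps to investigate; reconnaissance and weaponization are rarely observable), and pulls the defender's courses of action for every stage that still has to be broken. The control names in the course-of-action table are illustrative examples of each course of action, not a prescription, and the alerts are constructed around the bank-teller scenario.

```python
"""Kill-chain triage for incident response.

Added example, not from the original essay. Phase names, the course-of-action
table and the sample alerts are assumptions made for the illustration.
"""
from dataclasses import dataclass

PHASES = ["reconnaissance", "weaponization", "delivery", "exploitation",
          "installation", "command_and_control", "actions_on_objectives"]

# Defender's course-of-action matrix: phase -> {course: example control}.
COURSES_OF_ACTION = {
    "reconnaissance": {"detect": "web and DNS log review",
                       "deny": "firewall ACL"},
    "weaponization": {"detect": "NIDS signatures", "deny": "NIPS"},
    "delivery": {"detect": "vigilant user", "deny": "proxy and mail filter",
                 "disrupt": "inline AV", "degrade": "mail queueing"},
    "exploitation": {"detect": "HIDS", "deny": "patching", "disrupt": "DEP"},
    "installation": {"detect": "HIDS", "deny": "application allow-list",
                     "disrupt": "endpoint AV"},
    "command_and_control": {"detect": "NIDS", "deny": "egress firewall ACL",
                            "disrupt": "NIPS", "degrade": "tarpit",
                            "deceive": "DNS sinkhole"},
    "actions_on_objectives": {"detect": "audit log review",
                              "deny": "network segmentation",
                              "degrade": "QoS throttling",
                              "deceive": "honeypot"},
}


@dataclass(frozen=True)
class Alert:
    time: str    # ISO-8601, constructed
    source: str  # sensor that fired
    phase: str   # kill-chain phase the alert evidences
    detail: str


def triage(alerts):
    """Return how far the intrusion progressed and where to break the chain."""
    seen = {a.phase for a in alerts}
    unknown = seen - set(PHASES)
    if unknown:
        raise ValueError(f"unknown phase(s): {sorted(unknown)}")
    if not seen:
        return {"furthest_phase": None, "gaps": [], "break_at": [],
                "actions": {}, "timeline": []}
    furthest_idx = max(PHASES.index(p) for p in seen)
    furthest = PHASES[furthest_idx]
    # Phases the attacker must have completed but no sensor reported.
    gaps = [p for p in PHASES[:furthest_idx] if p not in seen]
    # The chain can still be broken at the furthest phase and every later one.
    break_at = PHASES[furthest_idx:]
    actions = {p: COURSES_OF_ACTION[p] for p in break_at}
    timeline = sorted(alerts, key=lambda a: a.time)
    return {"furthest_phase": furthest, "gaps": gaps, "break_at": break_at,
            "actions": actions, "timeline": timeline}


# Constructed alerts for the bank-teller scenario described in the essay.
SAMPLE_ALERTS = [
    Alert("2021-12-01T08:55:00", "mail gateway", "delivery",
          "attachment withdrawals.pdf.exe from external sender"),
    Alert("2021-12-01T09:02:10", "EDR", "installation",
          "new Run key pointing to %APPDATA%\\svchost.exe"),
    Alert("2021-12-01T09:06:01", "proxy", "command_and_control",
          "host beacons to 198.51.100.7 about every 60 s"),
]

if __name__ == "__main__":
    result = triage(SAMPLE_ALERTS)
    print("furthest phase reached:", result["furthest_phase"])
    print("stages with no visibility:", result["gaps"])
    for phase in result["break_at"]:
        print(f"break at {phase}: {result['actions'][phase]}")
```

For the constructed alerts the output says the intrusion reached command and control, that exploitation produced no alert even though it must have happened (the host-based sensor missed it, which is itself a finding for the report), and that the chain should now be cut at the command-and-control and actions-on-objectives stages: egress blocking and sinkholing first, segmentation and audit review next. The same mapping works for threats that are not classic intrusions as long as the phases are adjusted, which is the question the assignment raises about extending the model.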