SlideShare a Scribd company logo

The Cyber Kill Chain. 7 Stages of Cyber Kill Chain Supplementary Reading

Muhammad FAHAD
Muhammad FAHAD

The “cyber kill chain” is a sequence of stages required for an attacker to successfully infiltrate a network and exfiltrate data from it. Each stage demonstrates a specific goal along the attacker’s path. Designing your monitoring and response plan around the cyber kill chain model is an effective method because it focuses on how actual attacks happen.

Education
1 of 11
Download to read offline
7 Stages of Cyber Kill Chain Supplementary Reading
Cyber 101: Supplementary Reading © 2017 Deloitte Touche Tohmatsu Limited Slide 2 The “cyber kill chain” is a sequence of stages required for an attacker to successfully infiltrate a network and exfiltrate data from it. Each stage demonstrates a specific goal along the attacker’s path. Designing your monitoring and response plan around the cyber kill chain model is an effective method because it focuses on how actual attacks happen. https://www.alienvault.com/blogs/security-essentials/defend-like-an- attacker-applying-the-cyber-kill-chain Overview https://www2.deloitte.com/content/dam/Deloitte/sg/Documents/ri sk/sea-risk-cyber-thought-leadership-noexp.pdf “It is vital that we have secure systems that we can trust, not just preventing credit card numbers from being stolen, but protecting ourselves from malicious attacks where there is hacking or Distributed Denial of Service attacks, you know what that is. Whether is it malware that infects our computers which steals sensitive information or possibly threatens critical infrastructure if it gets into the hospital IT systems, patients can die, if it gets into our power system, our power grid can be brought down, if it gets into our airport system, we can have a very serious problem.” says Mr. Lee Hsien Loong, the Prime Minister of Singapore.
Cyber 101: Supplementary Reading © 2017 Deloitte Touche Tohmatsu Limited Slide 3 Reconnaissance What are reconnaissance attacks? A reconnaissance attack, as the name implies, is the efforts of an threat actors to gain as much information about the network as possible before launching other more serious types of attacks. Quite often, the reconnaissance attack is implemented by using readily available information. What is the objective? Reconnaissance Attacker will focus on “who”, or the network: “Who” will likely focus on privileged individuals (either for system access, or access to confidential data “Network” will focus on architecture and layout; tools, devices and protocols; and critical infrastructure. It is like a robber understanding the behaviour of the victim and breaking into the victim’s house. Types of reconnaissance attack: • Passive reconnaissance Definition: A hacker looks for information not related to victim domain. He just knows the registered domain to the target system so he can use commands (eg. Telephone directory) to fish information about the target • Active reconnaissance Definition:A hacker uses system information to gain unauthorized access to protected digital or electronic materials, and may go around routers or even firewalls to get it. "The problem with social media is that people have an inherent trust," explains Mark James, security specialist with IT security firm ESET. "And that is what is being tapped into by those cybercriminals." http://itsecurity.telelink.com/reconnaissance/ https://www.techopedia.com/definition/3650/active-reconnaissance
Cyber 101: Supplementary Reading © 2017 Deloitte Touche Tohmatsu Limited Slide 4 Weaponization “Hackers used hundreds of thousands of internet-connected devices that had previously been infected with a malicious code – known as a “botnet” or, jokingly, a “zombie army” – to force an especially potent distributed denial of service (DDoS) attack.” The Guardian reports. https://www.theguardian.com/technology/2016/oct/22/cyber-attack-hackers-weaponised-everyday-devices-with-malware-to-mount-assault What are the more well-known cyber weapons? • Botnet A network of computers forced to work together on the command of an unauthorized remote user. This network of robot computers is used to attack other systems. • DDOS Distributed Denial of Service attacks is where a computer system or network is flooded with data traffic, so much that the system can’t handle the volume of requests and the system or network shuts down. • Malware Malicious software is injected into a system or network to do things the owner would not want done. Examples include: Logic bombs, worms, viruses, packet sniffers (eavesdropping on a network). https://sites.google.com/site/uscyberwar/cyber-weapons
Cyber 101: Supplementary Reading © 2017 Deloitte Touche Tohmatsu Limited Slide 5 What is delivery? Attacker sends malicious payload to the victim by means such as email, which is only one of the numerous intrusion methods the attacker can use. There are over 100 delivery methods possible. Objective: Attackers launch their intrusion (weapons developed in the previous step) Two basic methods: • Adversary-controlled delivery, which involves direct hacking into an open port • Adversary-released delivery, which conveys the malware to the target through phishing Delivery “In a drive-by download attack, your browser loads the attacker's infected ad. Network-based antivirus protection on your perimeter can often block malicious JavaScript before it reaches the client.” http://www.darkreading.com/attacks-breaches/a-twist-on-the- cyber-kill-chain-defending-against-a-javascript-malware- attack/a/d-id/1326952 https://www.alertlogic.com/blog/the-cyber-kill-chain- understanding-advanced-persistent-threats/
Cyber 101: Supplementary Reading © 2017 Deloitte Touche Tohmatsu Limited Slide 6 “Ransomware victims are always advised not to pay the ransom to get their files back because it encourages the attackers. The best way to mitigate damage from ransomware is to update operating systems and backup data. “ - CNN http://money.cnn.com/2017/06/27/technology/hacking-petya-europe-ukraine-wpp-rosneft/index.html Exploitation Once attackers have identified a vulnerability in your system, they exploit the weakness and carry out their attack. During the exploitation phase of the attack, the host machine is compromised by the attacker and the delivery mechanism typically will take one of two actions: • Install malware (a dropper) allowing attacker command execution. • Install malware (a downloader) and download additional malware from the Internet, allowing attacker command execution. Once a foothold is established inside the network, the attacker will typically download additional tools, attempt privilege escalation, extract password hashes, etc.
Cyber 101: Supplementary Reading © 2017 Deloitte Touche Tohmatsu Limited Slide 7 What are the other possible malwares? Possible malwares include ransomware and remote-access Trojans and other unwanted applications. Installation of either a web shell on a compromised web server or a backdoor implant on a compromised computer system enables adversaries to bypass security controls and maintain access in the victim’s environment. Installation “A vulnerability in Valve's Source SDK, a library used by game vendors to support custom mods and other features, allows a malicious actor to execute code on a user's computer, and optionally install malware, such as ransomware, cryptocurrency miners, banking trojans, and others.” https://www.bleepingcomputer.com/news/security/valve-patches- security-flaw-that-allows-installation-of-malware-via-steam-games/
Cyber 101: Supplementary Reading © 2017 Deloitte Touche Tohmatsu Limited Slide 8 What is it? Ransomware uses command and control connections to download encryption keys before hijacking your files. For example, remote-access Trojans open a command and control connection to allow remote access to your system. This allows persistent connectivity for continued access to the environment as well as a detective measure for defender activity. How is it done? Command and control of a compromised resource is usually accomplished via a beacon over an allowed path out of the network. Beacons take many forms, but in most cases they tend to be: • HTTP or HTTPS-based • Made to look like benign traffic via falsified HTTP headers In cases that use encrypted communication, beacons tend to use self-signed certificates or use custom encryption over an allowed path Command and Control https://blogs.rsa.com/stalking-the-kill-chain-the-attackers-chain-2/
Cyber 101: Supplementary Reading © 2017 Deloitte Touche Tohmatsu Limited Slide 9 What does “Action” mean in cyber terms? Action refers to the how the attacker accomplish his final goal. The attacker's final goal could be anything from extracting a ransom from you in exchange for decrypting your files to exfiltrating customer information out of the network. In the latter example, data-loss prevention solutions can stop exfiltration before the data leaves your network. In other attacks, endpoint agent software can identify activity that deviates from established baselines and notify IT that something is amiss. This is the elaborate active attack process that can take months, and thousands of small steps, in order to achieve. Actions http://www.darkreading.com/attacks-breaches/a-twist-on-the- cyber-kill-chain-defending-against-a-javascript-malware- attack/a/d-id/1326952 "What we are seeing is the exact same features that have occurred overseas: a freezing of their IT systems and a ransomware note.“ said Dan Tehan Mr Tehan said the attacks were on small- to medium-sized private sector businesses and that government departments had been told to ensure they were protected. http://www.abc.net.au/news/2017-05- 14/ransomware-cyberattack-threat-lingers-as- people-return-to-work/8525554
Cyber 101: Supplementary Reading © 2017 Deloitte Touche Tohmatsu Limited Slide 10 Will Kill Chain Tactics work for your Organization? If you don’t already have security and visibility built into your corporate environment, this may seem like an impossible hill to climb. But implementing a Cyber Kill Chain doesn’t have to be done overnight. Take smaller measures, completing stages as you are able. Do a check of your web presence to see what information it could give an attacker. Have each of your sites do an inventory of all computers so you can update them all. Implement layered security to decrease the possibility that threats will slip through unnoticed. Create a policy for dealing with malware events. Educate your staff about what to do with unexpected, suspicious emails. http://resources.infosecinstitute.com/cyber-kill-chain-is-a-great-idea-but-is-it-something-your-company-can-implement/#gref
Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee (“DTTL”), its network of member firms, and their related entities. DTTL and each of its member firms are legally separate and independent entities. DTTL (also referred to as “Deloitte Global”) does not provide services to clients. Please see www.deloitte.com/about to learn more about our global network of member firms. Deloitte provides audit, tax, consulting, and financial advisory services to public and private clients spanning multiple industries. With a globally connected network of member firms in more than 150 countries and territories, Deloitte brings world-class capabilities and high-quality service to clients, delivering the insights they need to address their most complex business challenges. Deloitte’s more than 244,000 professionals are committed to becoming the standard of excellence. This communication contains general information only, and none of Deloitte Touche Tohmatsu Limited, its member firms, or their related entities (collectively, the “Deloitte Network”) is, by means of this communication, rendering professional advice or services. No entity in the Deloitte network shall be responsible for any loss whatsoever sustained by any person who relies on this communication. © 2017. For information, contact Deloitte Touche Tohmatsu Limited

Recommended

Chapter 2 konsep dasar keamanan
Chapter 2 konsep dasar keamananChapter 2 konsep dasar keamanan
Chapter 2 konsep dasar keamanannewbie2019
 
Chapter 2 konsep dasar keamanan
Chapter 2 konsep dasar keamananChapter 2 konsep dasar keamanan
Chapter 2 konsep dasar keamanannewbie2019
 
Cybersecurity - Poland.pdf
Cybersecurity - Poland.pdfCybersecurity - Poland.pdf
Cybersecurity - Poland.pdfPavelVtek3
 
Cybersecurity Goes Mainstream
Cybersecurity Goes MainstreamCybersecurity Goes Mainstream
Cybersecurity Goes MainstreamRob Marson
 
Computer security and privacy
Computer security and privacyComputer security and privacy
Computer security and privacyHaider Ali Malik
 
INTERNET SECURITY.pptx
INTERNET SECURITY.pptxINTERNET SECURITY.pptx
INTERNET SECURITY.pptxbabepa2317
 
A Brief Note On Companies And The Largest Ever Consumer...
A Brief Note On Companies And The Largest Ever Consumer...A Brief Note On Companies And The Largest Ever Consumer...
A Brief Note On Companies And The Largest Ever Consumer...Erin Moore
 
Module 1.pdf
Module 1.pdfModule 1.pdf
Module 1.pdfSitamarhi Institute of Technology
 

Recommended

Chapter 2 konsep dasar keamanan
Chapter 2 konsep dasar keamananChapter 2 konsep dasar keamanan
Chapter 2 konsep dasar keamanannewbie2019
 
Chapter 2 konsep dasar keamanan
Chapter 2 konsep dasar keamananChapter 2 konsep dasar keamanan
Chapter 2 konsep dasar keamanannewbie2019
 
Cybersecurity - Poland.pdf
Cybersecurity - Poland.pdfCybersecurity - Poland.pdf
Cybersecurity - Poland.pdfPavelVtek3
 
Cybersecurity Goes Mainstream
Cybersecurity Goes MainstreamCybersecurity Goes Mainstream
Cybersecurity Goes MainstreamRob Marson
 
Computer security and privacy
Computer security and privacyComputer security and privacy
Computer security and privacyHaider Ali Malik
 
INTERNET SECURITY.pptx
INTERNET SECURITY.pptxINTERNET SECURITY.pptx
INTERNET SECURITY.pptxbabepa2317
 
A Brief Note On Companies And The Largest Ever Consumer...
A Brief Note On Companies And The Largest Ever Consumer...A Brief Note On Companies And The Largest Ever Consumer...
A Brief Note On Companies And The Largest Ever Consumer...Erin Moore
 
Module 1.pdf
Module 1.pdfModule 1.pdf
Module 1.pdfSitamarhi Institute of Technology
 
module 1 Cyber Security Concepts
module 1 Cyber Security Conceptsmodule 1 Cyber Security Concepts
module 1 Cyber Security ConceptsSitamarhi Institute of Technology
 
Toward Continuous Cybersecurity with Network Automation
Toward Continuous Cybersecurity with Network AutomationToward Continuous Cybersecurity with Network Automation
Toward Continuous Cybersecurity with Network AutomationE.S.G. JR. Consulting, Inc.
 
Toward Continuous Cybersecurity With Network Automation
Toward Continuous Cybersecurity With Network AutomationToward Continuous Cybersecurity With Network Automation
Toward Continuous Cybersecurity With Network AutomationKen Flott
 
EXTERNAL - Whitepaper - How 3 Cyber ThreatsTransform Incident Response 081516
EXTERNAL - Whitepaper - How 3 Cyber ThreatsTransform Incident Response 081516EXTERNAL - Whitepaper - How 3 Cyber ThreatsTransform Incident Response 081516
EXTERNAL - Whitepaper - How 3 Cyber ThreatsTransform Incident Response 081516Yasser Mohammed
 
Computer-Security.pptx
Computer-Security.pptxComputer-Security.pptx
Computer-Security.pptxJoselitoJMebolos
 
Mim Attack Essay
Mim Attack EssayMim Attack Essay
Mim Attack EssayHaley Johnson
 
E Commerce security
E Commerce securityE Commerce security
E Commerce securityMayank Kashyap
 
cybersecurity
cybersecuritycybersecurity
cybersecuritymaha797959
 
Cyber Security
Cyber SecurityCyber Security
Cyber SecurityIllumeo
 
Cyber Security
Cyber SecurityCyber Security
Cyber SecurityRamiro Cid
 
Cyber Security.docx
Cyber Security.docxCyber Security.docx
Cyber Security.docxTanushreeChakraborty27
 
Implications of Computer Misuse and Cyber Security (Teaching) (1).pdf
Implications of Computer Misuse and Cyber Security (Teaching) (1).pdfImplications of Computer Misuse and Cyber Security (Teaching) (1).pdf
Implications of Computer Misuse and Cyber Security (Teaching) (1).pdfsrtwgwfwwgw
 
54 Chapter 1 • The Threat EnvironmentFIGURE 1-18 Cyberwar .docx
54 Chapter 1 • The Threat EnvironmentFIGURE 1-18 Cyberwar .docx54 Chapter 1 • The Threat EnvironmentFIGURE 1-18 Cyberwar .docx
54 Chapter 1 • The Threat EnvironmentFIGURE 1-18 Cyberwar .docxalinainglis
 
Tutorial 09 - Security on the Internet and the Web
Tutorial 09 - Security on the Internet and the WebTutorial 09 - Security on the Internet and the Web
Tutorial 09 - Security on the Internet and the Webdpd
 
Cyber crime & security
Cyber crime & security Cyber crime & security
Cyber crime & security aravindanvaithilinga
 
The uniqueness of the text61.5SHOW ALL MATCHESPage addre.docx
The uniqueness of the text61.5SHOW ALL MATCHESPage addre.docxThe uniqueness of the text61.5SHOW ALL MATCHESPage addre.docx
The uniqueness of the text61.5SHOW ALL MATCHESPage addre.docxarnoldmeredith47041
 
CyberSecurity presentation for basic knowledge about this topic
CyberSecurity presentation for basic knowledge about this topicCyberSecurity presentation for basic knowledge about this topic
CyberSecurity presentation for basic knowledge about this topicpiyushkamble6
 
9 Security Threats Everyone Should Be Aware Of
9 Security Threats Everyone Should Be Aware Of9 Security Threats Everyone Should Be Aware Of
9 Security Threats Everyone Should Be Aware OfAditya Prakhar Singh
 
Network security and viruses
Network security and virusesNetwork security and viruses
Network security and virusesAamlan Saswat Mishra
 
Introduction To Information Security
Introduction To Information SecurityIntroduction To Information Security
Introduction To Information Securitybelsis
 
Intrusion Discovery Cheat Sheet for Linux
Intrusion Discovery Cheat Sheet for LinuxIntrusion Discovery Cheat Sheet for Linux
Intrusion Discovery Cheat Sheet for LinuxMuhammad FAHAD
 
CISA GOV - Seven Steps to Effectively Defend ICS
CISA GOV - Seven Steps to Effectively Defend ICSCISA GOV - Seven Steps to Effectively Defend ICS
CISA GOV - Seven Steps to Effectively Defend ICSMuhammad FAHAD
 

More Related Content

Similar to The Cyber Kill Chain. 7 Stages of Cyber Kill Chain Supplementary Reading

Toward Continuous Cybersecurity with Network Automation
Toward Continuous Cybersecurity with Network AutomationToward Continuous Cybersecurity with Network Automation
Toward Continuous Cybersecurity with Network AutomationE.S.G. JR. Consulting, Inc.
 
Toward Continuous Cybersecurity With Network Automation
Toward Continuous Cybersecurity With Network AutomationToward Continuous Cybersecurity With Network Automation
Toward Continuous Cybersecurity With Network AutomationKen Flott
 
EXTERNAL - Whitepaper - How 3 Cyber ThreatsTransform Incident Response 081516
EXTERNAL - Whitepaper - How 3 Cyber ThreatsTransform Incident Response 081516EXTERNAL - Whitepaper - How 3 Cyber ThreatsTransform Incident Response 081516
EXTERNAL - Whitepaper - How 3 Cyber ThreatsTransform Incident Response 081516Yasser Mohammed
 
Cyber Security
Cyber SecurityCyber Security
Cyber SecurityIllumeo
 
Cyber Security
Cyber SecurityCyber Security
Cyber SecurityRamiro Cid
 
Implications of Computer Misuse and Cyber Security (Teaching) (1).pdf
Implications of Computer Misuse and Cyber Security (Teaching) (1).pdfImplications of Computer Misuse and Cyber Security (Teaching) (1).pdf
Implications of Computer Misuse and Cyber Security (Teaching) (1).pdfsrtwgwfwwgw
 
54 Chapter 1 • The Threat EnvironmentFIGURE 1-18 Cyberwar .docx
54 Chapter 1 • The Threat EnvironmentFIGURE 1-18 Cyberwar .docx54 Chapter 1 • The Threat EnvironmentFIGURE 1-18 Cyberwar .docx
54 Chapter 1 • The Threat EnvironmentFIGURE 1-18 Cyberwar .docxalinainglis
 
Tutorial 09 - Security on the Internet and the Web
Tutorial 09 - Security on the Internet and the WebTutorial 09 - Security on the Internet and the Web
Tutorial 09 - Security on the Internet and the Webdpd
 
The uniqueness of the text61.5SHOW ALL MATCHESPage addre.docx
The uniqueness of the text61.5SHOW ALL MATCHESPage addre.docxThe uniqueness of the text61.5SHOW ALL MATCHESPage addre.docx
The uniqueness of the text61.5SHOW ALL MATCHESPage addre.docxarnoldmeredith47041
 
CyberSecurity presentation for basic knowledge about this topic
CyberSecurity presentation for basic knowledge about this topicCyberSecurity presentation for basic knowledge about this topic
CyberSecurity presentation for basic knowledge about this topicpiyushkamble6
 
9 Security Threats Everyone Should Be Aware Of
9 Security Threats Everyone Should Be Aware Of9 Security Threats Everyone Should Be Aware Of
9 Security Threats Everyone Should Be Aware OfAditya Prakhar Singh
 
Introduction To Information Security
Introduction To Information SecurityIntroduction To Information Security
Introduction To Information Securitybelsis
 

Similar to The Cyber Kill Chain. 7 Stages of Cyber Kill Chain Supplementary Reading (20)

module 1 Cyber Security Concepts
module 1 Cyber Security Conceptsmodule 1 Cyber Security Concepts
module 1 Cyber Security Concepts
 
Toward Continuous Cybersecurity with Network Automation
Toward Continuous Cybersecurity with Network AutomationToward Continuous Cybersecurity with Network Automation
Toward Continuous Cybersecurity with Network Automation
 
Toward Continuous Cybersecurity With Network Automation
Toward Continuous Cybersecurity With Network AutomationToward Continuous Cybersecurity With Network Automation
Toward Continuous Cybersecurity With Network Automation
 
EXTERNAL - Whitepaper - How 3 Cyber ThreatsTransform Incident Response 081516
EXTERNAL - Whitepaper - How 3 Cyber ThreatsTransform Incident Response 081516EXTERNAL - Whitepaper - How 3 Cyber ThreatsTransform Incident Response 081516
EXTERNAL - Whitepaper - How 3 Cyber ThreatsTransform Incident Response 081516
 
Computer-Security.pptx
Computer-Security.pptxComputer-Security.pptx
Computer-Security.pptx
 
Mim Attack Essay
Mim Attack EssayMim Attack Essay
Mim Attack Essay
 
E Commerce security
E Commerce securityE Commerce security
E Commerce security
 
cybersecurity
cybersecuritycybersecurity
cybersecurity
 
Cyber Security
Cyber SecurityCyber Security
Cyber Security
 
Cyber Security
Cyber SecurityCyber Security
Cyber Security
 
Cyber Security.docx
Cyber Security.docxCyber Security.docx
Cyber Security.docx
 
Implications of Computer Misuse and Cyber Security (Teaching) (1).pdf
Implications of Computer Misuse and Cyber Security (Teaching) (1).pdfImplications of Computer Misuse and Cyber Security (Teaching) (1).pdf
Implications of Computer Misuse and Cyber Security (Teaching) (1).pdf
 
54 Chapter 1 • The Threat EnvironmentFIGURE 1-18 Cyberwar .docx
54 Chapter 1 • The Threat EnvironmentFIGURE 1-18 Cyberwar .docx54 Chapter 1 • The Threat EnvironmentFIGURE 1-18 Cyberwar .docx
54 Chapter 1 • The Threat EnvironmentFIGURE 1-18 Cyberwar .docx
 
Tutorial 09 - Security on the Internet and the Web
Tutorial 09 - Security on the Internet and the WebTutorial 09 - Security on the Internet and the Web
Tutorial 09 - Security on the Internet and the Web
 
Cyber crime & security
Cyber crime & security Cyber crime & security
Cyber crime & security
 
The uniqueness of the text61.5SHOW ALL MATCHESPage addre.docx
The uniqueness of the text61.5SHOW ALL MATCHESPage addre.docxThe uniqueness of the text61.5SHOW ALL MATCHESPage addre.docx
The uniqueness of the text61.5SHOW ALL MATCHESPage addre.docx
 
CyberSecurity presentation for basic knowledge about this topic
CyberSecurity presentation for basic knowledge about this topicCyberSecurity presentation for basic knowledge about this topic
CyberSecurity presentation for basic knowledge about this topic
 
9 Security Threats Everyone Should Be Aware Of
9 Security Threats Everyone Should Be Aware Of9 Security Threats Everyone Should Be Aware Of
9 Security Threats Everyone Should Be Aware Of
 
Network security and viruses
Network security and virusesNetwork security and viruses
Network security and viruses
 
Introduction To Information Security
Introduction To Information SecurityIntroduction To Information Security
Introduction To Information Security
 

More from Muhammad FAHAD

Intrusion Discovery Cheat Sheet for Linux
Intrusion Discovery Cheat Sheet for LinuxIntrusion Discovery Cheat Sheet for Linux
Intrusion Discovery Cheat Sheet for LinuxMuhammad FAHAD
 
CISA GOV - Seven Steps to Effectively Defend ICS
CISA GOV - Seven Steps to Effectively Defend ICSCISA GOV - Seven Steps to Effectively Defend ICS
CISA GOV - Seven Steps to Effectively Defend ICSMuhammad FAHAD
 
Vulnerabilities on the Wire: Mitigations for Insecure ICS Device Communication
Vulnerabilities on the Wire: Mitigations for Insecure ICS Device CommunicationVulnerabilities on the Wire: Mitigations for Insecure ICS Device Communication
Vulnerabilities on the Wire: Mitigations for Insecure ICS Device CommunicationMuhammad FAHAD
 
Computer Security Incident Handling Guide
Computer Security Incident Handling GuideComputer Security Incident Handling Guide
Computer Security Incident Handling GuideMuhammad FAHAD
 
Steps to Improve Cyber Security of SCADA Networks by U.S. Department of Energy
Steps to Improve Cyber Security of SCADA Networks by U.S. Department of EnergySteps to Improve Cyber Security of SCADA Networks by U.S. Department of Energy
Steps to Improve Cyber Security of SCADA Networks by U.S. Department of EnergyMuhammad FAHAD
 
Common Malware Types Vulnerability Management
Common Malware Types Vulnerability ManagementCommon Malware Types Vulnerability Management
Common Malware Types Vulnerability ManagementMuhammad FAHAD
 
CRASHOVERRIDE Analysis of the Threat to Electric Grid Operations. Cyber-attac...
CRASHOVERRIDE Analysis of the Threat to Electric Grid Operations. Cyber-attac...CRASHOVERRIDE Analysis of the Threat to Electric Grid Operations. Cyber-attac...
CRASHOVERRIDE Analysis of the Threat to Electric Grid Operations. Cyber-attac...Muhammad FAHAD
 
The Top 20 Cyberattacks on Industrial Control Systems
The Top 20 Cyberattacks on Industrial Control SystemsThe Top 20 Cyberattacks on Industrial Control Systems
The Top 20 Cyberattacks on Industrial Control SystemsMuhammad FAHAD
 

More from Muhammad FAHAD (8)

Intrusion Discovery Cheat Sheet for Linux
Intrusion Discovery Cheat Sheet for LinuxIntrusion Discovery Cheat Sheet for Linux
Intrusion Discovery Cheat Sheet for Linux
 
CISA GOV - Seven Steps to Effectively Defend ICS
CISA GOV - Seven Steps to Effectively Defend ICSCISA GOV - Seven Steps to Effectively Defend ICS
CISA GOV - Seven Steps to Effectively Defend ICS
 
Vulnerabilities on the Wire: Mitigations for Insecure ICS Device Communication
Vulnerabilities on the Wire: Mitigations for Insecure ICS Device CommunicationVulnerabilities on the Wire: Mitigations for Insecure ICS Device Communication
Vulnerabilities on the Wire: Mitigations for Insecure ICS Device Communication
 
Computer Security Incident Handling Guide
Computer Security Incident Handling GuideComputer Security Incident Handling Guide
Computer Security Incident Handling Guide
 
Steps to Improve Cyber Security of SCADA Networks by U.S. Department of Energy
Steps to Improve Cyber Security of SCADA Networks by U.S. Department of EnergySteps to Improve Cyber Security of SCADA Networks by U.S. Department of Energy
Steps to Improve Cyber Security of SCADA Networks by U.S. Department of Energy
 
Common Malware Types Vulnerability Management
Common Malware Types Vulnerability ManagementCommon Malware Types Vulnerability Management
Common Malware Types Vulnerability Management
 
CRASHOVERRIDE Analysis of the Threat to Electric Grid Operations. Cyber-attac...
CRASHOVERRIDE Analysis of the Threat to Electric Grid Operations. Cyber-attac...CRASHOVERRIDE Analysis of the Threat to Electric Grid Operations. Cyber-attac...
CRASHOVERRIDE Analysis of the Threat to Electric Grid Operations. Cyber-attac...
 
The Top 20 Cyberattacks on Industrial Control Systems
The Top 20 Cyberattacks on Industrial Control SystemsThe Top 20 Cyberattacks on Industrial Control Systems
The Top 20 Cyberattacks on Industrial Control Systems
 

Recently uploaded

BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdfBASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdfSoniaTolstoy
 
mini mental status format.docx
mini mental status format.docxmini mental status format.docx
mini mental status format.docxPoojaSen20
 
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17Celine George
 
Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111Sapana Sha
 
Presiding Officer Training module 2024 lok sabha elections
Presiding Officer Training module 2024 lok sabha electionsPresiding Officer Training module 2024 lok sabha elections
Presiding Officer Training module 2024 lok sabha electionsanshu789521
 
Employee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptxEmployee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptxNirmalaLoungPoorunde1
 
CARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptxCARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptxGaneshChakor2
 
Interactive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communicationInteractive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communicationnomboosow
 
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPTECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPTiammrhaywood
 
MENTAL STATUS EXAMINATION format.docx
MENTAL STATUS EXAMINATION format.docxMENTAL STATUS EXAMINATION format.docx
MENTAL STATUS EXAMINATION format.docxPoojaSen20
 
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...Krashi Coaching
 
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptxOrganic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptxVS Mahajan Coaching Centre
 
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxPOINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxSayali Powar
 
Solving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptxSolving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptxOH TEIK BIN
 
A Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformA Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformChameera Dedduwage
 
Class 11 Legal Studies Ch-1 Concept of State .pdf
Class 11 Legal Studies Ch-1 Concept of State .pdfClass 11 Legal Studies Ch-1 Concept of State .pdf
Class 11 Legal Studies Ch-1 Concept of State .pdfakmcokerachita
 
Accessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactAccessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactdawncurless
 
Crayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon ACrayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon AUnboundStockton
 
The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13Steve Thomason
 

Recently uploaded (20)

BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdfBASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
 
mini mental status format.docx
mini mental status format.docxmini mental status format.docx
mini mental status format.docx
 
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
 
Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111
 
Presiding Officer Training module 2024 lok sabha elections
Presiding Officer Training module 2024 lok sabha electionsPresiding Officer Training module 2024 lok sabha elections
Presiding Officer Training module 2024 lok sabha elections
 
Employee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptxEmployee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptx
 
CARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptxCARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptx
 
Interactive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communicationInteractive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communication
 
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPTECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
 
MENTAL STATUS EXAMINATION format.docx
MENTAL STATUS EXAMINATION format.docxMENTAL STATUS EXAMINATION format.docx
MENTAL STATUS EXAMINATION format.docx
 
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
 
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptxOrganic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
 
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxPOINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
 
Solving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptxSolving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptx
 
A Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformA Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy Reform
 
Staff of Color (SOC) Retention Efforts DDSD
Staff of Color (SOC) Retention Efforts DDSDStaff of Color (SOC) Retention Efforts DDSD
Staff of Color (SOC) Retention Efforts DDSD
 
Class 11 Legal Studies Ch-1 Concept of State .pdf
Class 11 Legal Studies Ch-1 Concept of State .pdfClass 11 Legal Studies Ch-1 Concept of State .pdf
Class 11 Legal Studies Ch-1 Concept of State .pdf
 
Accessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactAccessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impact
 
Crayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon ACrayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon A
 
The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13
 

The Cyber Kill Chain. 7 Stages of Cyber Kill Chain Supplementary Reading

  • 1. 7 Stages of Cyber Kill Chain Supplementary Reading
  • 2. Cyber 101: Supplementary Reading © 2017 Deloitte Touche Tohmatsu Limited Slide 2 The “cyber kill chain” is a sequence of stages required for an attacker to successfully infiltrate a network and exfiltrate data from it. Each stage demonstrates a specific goal along the attacker’s path. Designing your monitoring and response plan around the cyber kill chain model is an effective method because it focuses on how actual attacks happen. https://www.alienvault.com/blogs/security-essentials/defend-like-an- attacker-applying-the-cyber-kill-chain Overview https://www2.deloitte.com/content/dam/Deloitte/sg/Documents/ri sk/sea-risk-cyber-thought-leadership-noexp.pdf “It is vital that we have secure systems that we can trust, not just preventing credit card numbers from being stolen, but protecting ourselves from malicious attacks where there is hacking or Distributed Denial of Service attacks, you know what that is. Whether is it malware that infects our computers which steals sensitive information or possibly threatens critical infrastructure if it gets into the hospital IT systems, patients can die, if it gets into our power system, our power grid can be brought down, if it gets into our airport system, we can have a very serious problem.” says Mr. Lee Hsien Loong, the Prime Minister of Singapore.
  • 3. Cyber 101: Supplementary Reading © 2017 Deloitte Touche Tohmatsu Limited Slide 3 Reconnaissance What are reconnaissance attacks? A reconnaissance attack, as the name implies, is the efforts of an threat actors to gain as much information about the network as possible before launching other more serious types of attacks. Quite often, the reconnaissance attack is implemented by using readily available information. What is the objective? Reconnaissance Attacker will focus on “who”, or the network: “Who” will likely focus on privileged individuals (either for system access, or access to confidential data “Network” will focus on architecture and layout; tools, devices and protocols; and critical infrastructure. It is like a robber understanding the behaviour of the victim and breaking into the victim’s house. Types of reconnaissance attack: • Passive reconnaissance Definition: A hacker looks for information not related to victim domain. He just knows the registered domain to the target system so he can use commands (eg. Telephone directory) to fish information about the target • Active reconnaissance Definition:A hacker uses system information to gain unauthorized access to protected digital or electronic materials, and may go around routers or even firewalls to get it. "The problem with social media is that people have an inherent trust," explains Mark James, security specialist with IT security firm ESET. "And that is what is being tapped into by those cybercriminals." http://itsecurity.telelink.com/reconnaissance/ https://www.techopedia.com/definition/3650/active-reconnaissance
  • 4. Cyber 101: Supplementary Reading © 2017 Deloitte Touche Tohmatsu Limited Slide 4 Weaponization “Hackers used hundreds of thousands of internet-connected devices that had previously been infected with a malicious code – known as a “botnet” or, jokingly, a “zombie army” – to force an especially potent distributed denial of service (DDoS) attack.” The Guardian reports. https://www.theguardian.com/technology/2016/oct/22/cyber-attack-hackers-weaponised-everyday-devices-with-malware-to-mount-assault What are the more well-known cyber weapons? • Botnet A network of computers forced to work together on the command of an unauthorized remote user. This network of robot computers is used to attack other systems. • DDOS Distributed Denial of Service attacks is where a computer system or network is flooded with data traffic, so much that the system can’t handle the volume of requests and the system or network shuts down. • Malware Malicious software is injected into a system or network to do things the owner would not want done. Examples include: Logic bombs, worms, viruses, packet sniffers (eavesdropping on a network). https://sites.google.com/site/uscyberwar/cyber-weapons
  • 5. Cyber 101: Supplementary Reading © 2017 Deloitte Touche Tohmatsu Limited Slide 5 What is delivery? Attacker sends malicious payload to the victim by means such as email, which is only one of the numerous intrusion methods the attacker can use. There are over 100 delivery methods possible. Objective: Attackers launch their intrusion (weapons developed in the previous step) Two basic methods: • Adversary-controlled delivery, which involves direct hacking into an open port • Adversary-released delivery, which conveys the malware to the target through phishing Delivery “In a drive-by download attack, your browser loads the attacker's infected ad. Network-based antivirus protection on your perimeter can often block malicious JavaScript before it reaches the client.” http://www.darkreading.com/attacks-breaches/a-twist-on-the- cyber-kill-chain-defending-against-a-javascript-malware- attack/a/d-id/1326952 https://www.alertlogic.com/blog/the-cyber-kill-chain- understanding-advanced-persistent-threats/
  • 6. Cyber 101: Supplementary Reading © 2017 Deloitte Touche Tohmatsu Limited Slide 6 “Ransomware victims are always advised not to pay the ransom to get their files back because it encourages the attackers. The best way to mitigate damage from ransomware is to update operating systems and backup data. “ - CNN http://money.cnn.com/2017/06/27/technology/hacking-petya-europe-ukraine-wpp-rosneft/index.html Exploitation Once attackers have identified a vulnerability in your system, they exploit the weakness and carry out their attack. During the exploitation phase of the attack, the host machine is compromised by the attacker and the delivery mechanism typically will take one of two actions: • Install malware (a dropper) allowing attacker command execution. • Install malware (a downloader) and download additional malware from the Internet, allowing attacker command execution. Once a foothold is established inside the network, the attacker will typically download additional tools, attempt privilege escalation, extract password hashes, etc.
  • 7. Cyber 101: Supplementary Reading © 2017 Deloitte Touche Tohmatsu Limited Slide 7 What are the other possible malwares? Possible malwares include ransomware and remote-access Trojans and other unwanted applications. Installation of either a web shell on a compromised web server or a backdoor implant on a compromised computer system enables adversaries to bypass security controls and maintain access in the victim’s environment. Installation “A vulnerability in Valve's Source SDK, a library used by game vendors to support custom mods and other features, allows a malicious actor to execute code on a user's computer, and optionally install malware, such as ransomware, cryptocurrency miners, banking trojans, and others.” https://www.bleepingcomputer.com/news/security/valve-patches- security-flaw-that-allows-installation-of-malware-via-steam-games/
  • 8. Cyber 101: Supplementary Reading © 2017 Deloitte Touche Tohmatsu Limited Slide 8 What is it? Ransomware uses command and control connections to download encryption keys before hijacking your files. For example, remote-access Trojans open a command and control connection to allow remote access to your system. This allows persistent connectivity for continued access to the environment as well as a detective measure for defender activity. How is it done? Command and control of a compromised resource is usually accomplished via a beacon over an allowed path out of the network. Beacons take many forms, but in most cases they tend to be: • HTTP or HTTPS-based • Made to look like benign traffic via falsified HTTP headers In cases that use encrypted communication, beacons tend to use self-signed certificates or use custom encryption over an allowed path Command and Control https://blogs.rsa.com/stalking-the-kill-chain-the-attackers-chain-2/
  • 9. Cyber 101: Supplementary Reading © 2017 Deloitte Touche Tohmatsu Limited Slide 9 What does “Action” mean in cyber terms? Action refers to the how the attacker accomplish his final goal. The attacker's final goal could be anything from extracting a ransom from you in exchange for decrypting your files to exfiltrating customer information out of the network. In the latter example, data-loss prevention solutions can stop exfiltration before the data leaves your network. In other attacks, endpoint agent software can identify activity that deviates from established baselines and notify IT that something is amiss. This is the elaborate active attack process that can take months, and thousands of small steps, in order to achieve. Actions http://www.darkreading.com/attacks-breaches/a-twist-on-the- cyber-kill-chain-defending-against-a-javascript-malware- attack/a/d-id/1326952 "What we are seeing is the exact same features that have occurred overseas: a freezing of their IT systems and a ransomware note.“ said Dan Tehan Mr Tehan said the attacks were on small- to medium-sized private sector businesses and that government departments had been told to ensure they were protected. http://www.abc.net.au/news/2017-05- 14/ransomware-cyberattack-threat-lingers-as- people-return-to-work/8525554
  • 10. Cyber 101: Supplementary Reading © 2017 Deloitte Touche Tohmatsu Limited Slide 10 Will Kill Chain Tactics work for your Organization? If you don’t already have security and visibility built into your corporate environment, this may seem like an impossible hill to climb. But implementing a Cyber Kill Chain doesn’t have to be done overnight. Take smaller measures, completing stages as you are able. Do a check of your web presence to see what information it could give an attacker. Have each of your sites do an inventory of all computers so you can update them all. Implement layered security to decrease the possibility that threats will slip through unnoticed. Create a policy for dealing with malware events. Educate your staff about what to do with unexpected, suspicious emails. http://resources.infosecinstitute.com/cyber-kill-chain-is-a-great-idea-but-is-it-something-your-company-can-implement/#gref
  • 11. Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee (“DTTL”), its network of member firms, and their related entities. DTTL and each of its member firms are legally separate and independent entities. DTTL (also referred to as “Deloitte Global”) does not provide services to clients. Please see www.deloitte.com/about to learn more about our global network of member firms. Deloitte provides audit, tax, consulting, and financial advisory services to public and private clients spanning multiple industries. With a globally connected network of member firms in more than 150 countries and territories, Deloitte brings world-class capabilities and high-quality service to clients, delivering the insights they need to address their most complex business challenges. Deloitte’s more than 244,000 professionals are committed to becoming the standard of excellence. This communication contains general information only, and none of Deloitte Touche Tohmatsu Limited, its member firms, or their related entities (collectively, the “Deloitte Network”) is, by means of this communication, rendering professional advice or services. No entity in the Deloitte network shall be responsible for any loss whatsoever sustained by any person who relies on this communication. © 2017. For information, contact Deloitte Touche Tohmatsu Limited