Better still… Are You Ready to Do Something About It?
This 7-Step Cybersecurity Kill-Chain Will Stop Your Enemy Cold! (But Not Before Gathering the Highly Prized Intelligence you want)
Intelli-Flex partner US ProTech has mastered the Cybersecurity Kill Chain framework, first developed with the DoD, and in preparation for the CyberSecurity Summit we wanted to share this information. It’s part of a process they have termed the “Intelligence Driven Defense model” for the identification and prevention of cybersecurity intrusion activity. The model identifies the seven steps adversaries must complete in order to achieve their objective and, more importantly, how and when to kill their presence.
We are going to run this as a series of four blog posts that will provide you the critical info needed to take action against the greatest threat of our time – hackers using APTs.
Today, let’s discuss steps three and four in the process of seven:
a. Harvesting email addresses, conference information, etc.
b. The first step of any APT attack is to select a target.
a. Coupling exploit with backdoor into deliverable payload
b. Next, attackers will re-engineer some core malware to suit their purposes using sophisticated techniques.
a. The three most prevalent delivery vectors for weaponized payloads by APT actors, as observed by the US ProTech Computer Incident Response Team (USPT-CIRT) for the years 2005-2015, are email attachments, websites, and removable media such as a USB stick.
The transmission and delivery of weaponized bundles to the victim’s targeted environment is the objective, but these efforts arrive with some digital fingerprinting. This stage represents the first and most important opportunity for defenders to block an operation; however, doing so also forfeits certain key detection capabilities and other highly prized intelligence. At this stage we measure effectiveness as the fraction of intrusion attempts that are blocked at the delivery point.
a. At this stage the objective is to exploit a vulnerability to execute code on the victim’s system and open a command channel for remote manipulation of the victim.
Here traditional hardening measures add resiliency, but custom defense capabilities are necessary to stop zero-day exploits at this stage. After the weapon is delivered to the victim host, exploitation triggers the intruders’ code. Most often, exploitation targets an application or operating system vulnerability, but it could also more simply exploit the users themselves or leverage an operating system feature that auto-executes code. In recent years this has become an area of expertise in the hacking community, often demonstrated at events such as Black Hat, DEF CON and the like.
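The delivery-stage metric and the hand-off to exploitation described above, as an added example that is not part of the original post or US ProTech’s tooling: each intrusion attempt is recorded as the kill-chain stages at which a control detected or denied it, and the code reports the fraction stopped at delivery per vector plus the attempts that got through to exploitation. The attempt records and vector names are constructed sample data.

```python
# Added example (not from the original post): measuring where in the
# kill chain each intrusion attempt was stopped, and the fraction of
# attempts blocked at the Delivery stage, per delivery vector.
from collections import defaultdict

KILL_CHAIN = ["reconnaissance", "weaponization", "delivery",
              "exploitation", "installation", "command_and_control",
              "actions_on_objectives"]

# Constructed sample data: each attempt lists the stages observed and
# whether the defender's control merely detected or actually denied it.
SAMPLE_ATTEMPTS = [
    {"id": "a1", "vector": "email", "events": [("delivery", "deny")]},
    {"id": "a2", "vector": "email", "events": [("delivery", "detect"),
                                               ("exploitation", "deny")]},
    {"id": "a3", "vector": "web", "events": [("delivery", "detect"),
                                             ("exploitation", "detect"),
                                             ("installation", "deny")]},
    {"id": "a4", "vector": "usb", "events": [("delivery", "deny")]},
    {"id": "a5", "vector": "usb", "events": [("delivery", "detect"),
                                             ("exploitation", "detect"),
                                             ("command_and_control", "deny")]},
]

def stopped_at(events):
    """Earliest stage at which a 'deny' occurred, or None if never denied."""
    denied = [stage for stage, action in events if action == "deny"]
    return min(denied, key=KILL_CHAIN.index) if denied else None

def delivery_block_rate(attempts):
    """Fraction of attempts stopped at delivery, per vector and overall."""
    totals, blocked = defaultdict(int), defaultdict(int)
    for a in attempts:
        totals[a["vector"]] += 1
        if stopped_at(a["events"]) == "delivery":
            blocked[a["vector"]] += 1
    rates = {v: blocked[v] / totals[v] for v in totals}
    rates["overall"] = sum(blocked.values()) / sum(totals.values())
    return rates

def reached_exploitation(attempts):
    """IDs of attempts not stopped before exploitation (the ones that need
    the custom, non-hardening defenses the text describes)."""
    limit = KILL_CHAIN.index("exploitation")
    out = []
    for a in attempts:
        stop = stopped_at(a["events"])
        if stop is None or KILL_CHAIN.index(stop) >= limit:
            out.append(a["id"])
    return out
```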
Coming Soon:
6. Real-Life Example “IsSpace Backdoor”
7. COMMAND & CONTROL
8. ACTIONS ON OBJECTIVES
CONTACT US for a demonstration
REGISTER TODAY for the Inland Southern California Cybersecurity Summit (#ISCCS)
Guest Blogger - Jonathan Goetsch, Speaker and Panelist at ISCCS
Jonathan Goetsch is the CEO of US ProTech, Inc., a highly recognized cybersecurity services company established in 1999 and serving thousands of clients. Based in Las Vegas, NV with operations in California, Texas and Belgium, US ProTech’s cyber-expertise serves mid-market to large enterprise businesses and governmental agencies in six countries. As an offensive-side Red Team penetration testing company, US ProTech specializes in cybersecurity processes that are approved by the U.S. Government, validated by the U.S. Department of Commerce to exceed US Military Standards under NIST (National Institute of Standards and Technology), and accommodate SCAP (Security Content Automation Protocol). Jonathan’s work in the cybersecurity community spans the past 20+ years; he is regularly recognized by the media and his peers for exceptional industry insight and contributions to the community, and has been named to The Top 20 List of Global Providers of Cyber Security Services in each of the past two years.