The Lockheed Martin Cyber Kill Chain states there are seven stages of a cyber attack, and your organisation can be protected if the chain is stopped at any of the stages. The earlier in the chain it can be stopped, the better the protection for your network.
The stages are as follows:
- Reconnaissance
- Weaponization
- Delivery
- Exploitation
- Installation
- Command & Control
- Act on Objectives
Websense 7 Stages of Advanced Threats
Recon
Prior to a breach, some research (or recon) will need to be done. This research will cover the company and its people. By way of checking yourself, a quick internet search of your organisation or of you will bring up a lot of information. LinkedIn helps pinpoint which people belong to which organisations, as well as which organisations work together, while Facebook and Twitter reveal hobbies and out-of-work activities.
Lure
If hobbies or working relationships are known, a lure containing information about those hobbies or about an organisation you work with will be of interest to the target. The lures can arrive by email or social media, from seemingly trusted sources.
Redirect
Emails and social media messages can contain links, which then redirect the target, scan their system, or prompt for software to be installed.
Exploit Kit
The links can lead to compromised websites, where an exploit kit hosted there scans the user's computer for vulnerabilities. The exploit kit is effectively looking for a path into the computer.
Dropper File
The dropper file is the malware that is used to infect the user's computer. When executed, the software can immediately start gathering data, it can sit dormant for a period of time to mask its true intentions, or it may be used to deliver further malware in the future.
Call Home
The malware can then call home, contacting a Command & Control server to receive instructions, or additional software and tools.
Data Theft
What was the point of all of this effort? To steal data!
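The "Call Home" stage is one of the easier stages to spot from the network side, because a dropper typically polls its Command & Control server at a fixed interval. The script below is an added example, not part of the original post and not a Websense or MTI tool: it reads constructed proxy log lines (timestamp, client IP, destination host; the hostnames and addresses are made up) and flags any client-to-destination pair that has made a minimum number of requests at near-constant intervals, which is the regular heartbeat a defender would want to investigate before the Data Theft stage is reached.

```python
"""
Beacon ("call home") detection over constructed proxy log lines.

Groups requests by (client, destination), measures the gaps between
consecutive requests, and flags pairs whose gaps are unusually regular:
ordinary browsing is bursty, C2 polling is metronomic.
"""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample proxy log (not from any real environment):
# ISO timestamp, client IP, destination hostname, one request per line.
SAMPLE_LOG = """\
2016-03-01T09:00:00 10.0.0.15 intranet.example.local
2016-03-01T09:00:05 10.0.0.15 updates.example-cdn.test
2016-03-01T09:00:12 10.0.0.15 news.example.test
2016-03-01T09:05:06 10.0.0.15 updates.example-cdn.test
2016-03-01T09:10:04 10.0.0.15 updates.example-cdn.test
2016-03-01T09:11:40 10.0.0.15 intranet.example.local
2016-03-01T09:15:07 10.0.0.15 updates.example-cdn.test
2016-03-01T09:20:05 10.0.0.15 updates.example-cdn.test
2016-03-01T09:25:06 10.0.0.15 updates.example-cdn.test
2016-03-01T09:31:50 10.0.0.15 news.example.test
2016-03-01T09:48:03 10.0.0.15 intranet.example.local
"""


def parse_log(text):
    """Group request timestamps by (client, destination)."""
    events = defaultdict(list)
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        ts, client, dest = line.split()
        events[(client, dest)].append(datetime.fromisoformat(ts))
    return events


def find_beacons(text, min_requests=5, max_cv=0.1):
    """Return (client, destination) pairs whose request timing looks like
    C2 polling: at least `min_requests` requests, and a coefficient of
    variation (std dev / mean) of the inter-request gap at or below `max_cv`.
    Thresholds are illustrative assumptions; tune them to your own traffic."""
    findings = []
    for (client, dest), stamps in parse_log(text).items():
        if len(stamps) < min_requests:
            continue                      # too few requests to judge regularity
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        if avg <= 0:
            continue                      # duplicate timestamps, nothing to measure
        cv = pstdev(gaps) / avg
        if cv <= max_cv:
            findings.append({
                "client": client,
                "dest": dest,
                "requests": len(stamps),
                "mean_interval_s": round(avg, 1),
                "cv": round(cv, 3),
            })
    return findings


if __name__ == "__main__":
    for f in find_beacons(SAMPLE_LOG):
        print(f"possible call-home: {f['client']} -> {f['dest']} "
              f"every ~{f['mean_interval_s']}s "
              f"({f['requests']} requests, cv={f['cv']})")
```

On the sample data only the `updates.example-cdn.test` pair is reported (six requests roughly 300 seconds apart); the intranet and news hosts are visited too irregularly and too rarely to qualify. A benign software updater can produce the same pattern, so the output is a lead for analyst review and a candidate for blocking at the proxy, not a verdict on its own.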
Stopping the Attack
Not all attacks will contain all seven stages. Some attacks will only involve three of these stages, but this highlights that the sooner in the chain the attack is prevented, the less damage will be done to the network.
Working in a technical environment, I see a number of solutions that only focus on some of these stages, which is no good if the attack skips those steps. I have worked with the Websense solutions for over seven years, and see that their solutions can prevent attacks at all levels (except the "Recon" stage, but no technical solution can prevent an attacker from carrying out an internet search on people or organisations!).
MTI is a Websense Platinum Partner in the UK, and can help secure your network against cyber attacks.