One Article Review

The article:
Source AlienVault Blog
Identifier 974772
Publication date 2019-01-03 14:00:00 (seen: 2019-01-03 16:01:35)
Title The “Internal” Cyber Kill Chain Model
Text An Alternative to the “Classic” Cyber Kill Chain Model for Internal Attacks and Breaches

Developed by Lockheed Martin, the Cyber Kill Chain® (CKC) framework is part of the Intelligence Driven Defense® model for the identification and prevention of cyber intrusion activity. The model identifies what adversaries must complete in order to achieve their objective.

In recent years, numerous articles have been written to contest the effectiveness of the Cyber Kill Chain Model as it currently exists. The intent of this article is in no way to disavow or be critical of the work put into creating the Cyber Kill Chain by the LM-CIRT. Instead, this article strives to prove that, with slight modifications, there are variants of the CKC that could improve its accuracy for non-traditional attack vectors.

Today’s threat landscape has expanded, and cyber-security increasingly overlaps many other aspects of security. This article strives not only to reinforce this point but also to offer a framework that furthers the effectiveness of the traditional CKC by providing additional aspects to it, enabling analysts to better understand and further their efforts in stopping data theft and cyber crime more effectively and efficiently.[1]

Purpose of this article – To test the validity of the CKC model against alternative attack vectors that do not utilize the classic cyber kill chain’s workflow, primarily based around internal actor theft of sensitive information.

The basis for the research – The research idea came from an article written by Ryan Stolte for the darkreading.com website. A link to the article is below.

https://www.darkreading.com/attacks-breaches/reactive-or-proactive-making-the-case-for-new-kill-chains-/a/d-id/1332200?

Summary of the research – The author of the article, Ryan Stolte, posed the question of whether or not the existing Cyber Kill Chain Model as written by Lockheed Martin was sufficient for the increasingly versatile threat landscape of today versus the less dynamic threat landscape of 2007, when the CKC was first conceptualized and published.

The desired outcome of research – To create a new conceptual Internal Cyber Kill Chain Model that predicts the activities of an attack perpetrated by an internal malicious actor such as a disgruntled or disloyal employee. The referenced article mentions two types of internal actors who are most likely to attempt to perpetrate a malicious cyber or social engineering attack on their employer.

Malicious Actors Defined

Most traditional attacks are carried out through some variant of a phishing attack, which means that most of the attacks are allowed into the network by an unknowing accomplice. In the article, the author breaks down the internal actors by categorizing them as “Flight Risks” and “Persistent Insiders”.

Flight Risks

Flight Risks: Employees looking to leave the company can elevate the risk of data loss. They tend to be less sophisticated and exhibit less cautious behavior on their way out. The kill chain–style reactive risk model begins with looking for early indicators — for example, if an employee frequently visits job search websites, something he or she typically would not do. However, even if employees are visiting those kinds of websites, that doesn’t necessarily mean they are a threat. They be
Sent Yes


The article does not appear to have been picked up after its publication.

The article does not appear to have been picked up from an earlier one.