Workload and Application Security Blog

What is the cyber kill chain? Why it's not always the right approach to cyber attacks.

Written by Virsec | Nov 7, 2017 11:12:18 PM

CSO Online, November 7, 2017; comments by Maria Korolov.

Cyber attackers follow a series of steps when carrying out an attack. First, they might perform reconnaissance, evaluating which companies could be the most advantageous targets. Then they might use approaches such as spear phishing to go after a specific person or group of people, often leveraging information found about the company on LinkedIn or other reputable sources to make their façade seem more believable.

After they have a foot in the door of a company’s network, they have resources in place to “phone home” and receive instructions remotely to continue the attack. The farther along the kill chain the attack goes, the greater the damage, of course.

Cyber attacks increasingly targeting web servers and applications

Attacks are following different patterns as well these days. Some attacks take advantage of known vulnerabilities, as in the Equifax breach, which took advantage of a vulnerable Apache Struts web server. A patch was available for that vulnerability that would have prevented the attack. Other attacks, known as zero-day attacks, exploit vulnerabilities that are not yet identified and have no patches, and are therefore even more sneaky and dangerous.

Applications themselves are increasingly becoming a target.

Satya Gupta, founder and CTO at Virsec Systems, Inc., told CSO Online, "Security needs to move closer to the application and go deeper into core processes and memory usage. New control flow technology, embedded at the application level, understands application protocols and context, and can map the acceptable flow of an application--similar to a Google map. If the application is supposed to go from point A to point B, but makes an unexpected detour, then something is definitely wrong."

Cyber attackers are doing more and more to cloak their moves and remain undetected, including leaving back doors open in networks so they can invade again at a later time. Organizations need to start applying the same level of creativity and ingenuity to their defense mechanisms if they’re going to stay ahead of these plotted moves.
