According to a report released by the Identity Theft Resource Center (ITRC) and CyberScout, data breaches in the US increased by 40 percent in 2016, hitting an all-time record high of 1,093 reported cases. Meanwhile, CyberSecurity Malaysia mentioned that 2,328 intrusions were reported to them up to the end of November last year and that is just the tip of the iceberg as many such incidents in this part of the world remain unreported. Year after year, targeted cyber-attacks on corporations are not only increasing in frequency, but also severity and sophistication, resulting in financial loss, business interruption, loss of data and reputation damage. It is a global problem which shows no signs of letting up.
Based on the number of breaches that occur each year, it’s obvious that traditional antivirus providers and IT teams are struggling to keep up with advanced cyber threats. A new approach to cybersecurity is required. Next-generation security is about evolving beyond simple block-and-tackle techniques towards understanding the root causes behind cyber-attacks. A better understanding of how attackers operate will certainly help us defend our networks more effectively.
The cyberattack cycle is a way of describing the sequential actions that take place, from the attacker’s perspective, in the event of a cyberattack. Detecting and disrupting an action anywhere along this cycle can serve to stop the entire attack from succeeding. This approach is also known as the cyber kill chain whereby the military approach of a kill chain is applied to cyber security. Now, let’s take a look at 7 stages of the cyberattack cycle.
Reconnaissance - Research, target selection, harvesting emails and information about targets
Weaponisation - Coupling exploit with backdoor into a deliverable payload
Delivery - Delivering payload to target via email, Web, USB, or other method
Exploitation - Exploiting a vulnerability to execute the malicious code
Installation - Installing a remote access trojan or backdoor on target system
Command and Control - Establishing beacon and channel to receive directives
Actions and Objectives - Collecting, encrypting and extracting data from victim, or disrupting operations
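As an added example (not code from the article, nor from Carbon Black), the snippet below tags constructed endpoint telemetry with the stages listed above, so a defender can see how far an intrusion on each host progressed and at which stage it could first have been stopped. The process names, ports and size threshold in the rules are assumed illustrative heuristics, not any product's detection logic.

```python
from collections import defaultdict
# The seven stages the article lists, in order. Reconnaissance and Weaponisation
# happen off the victim's hosts, so endpoint telemetry only evidences the last five.
STAGES = ["Reconnaissance", "Weaponisation", "Delivery", "Exploitation",
          "Installation", "Command and Control", "Actions and Objectives"]
OFFICE = {"winword.exe", "excel.exe", "outlook.exe"}            # assumed document viewers
SHELLS = {"powershell.exe", "cmd.exe", "wscript.exe", "mshta.exe"}  # assumed script hosts
BROWSERS = {"chrome.exe", "firefox.exe", "iexplore.exe", "msedge.exe"}

def stage_of(ev):
    """Map one endpoint event to a kill chain stage (illustrative heuristics, assumed)."""
    t = ev["type"]
    if (t == "file_write" and ev["proc"] == "outlook.exe"
            and ev["path"].lower().endswith((".docm", ".xlsm", ".js"))):
        return "Delivery"                 # macro-capable attachment saved by the mail client
    if t == "process_start" and ev["parent"] in OFFICE and ev["proc"] in SHELLS:
        return "Exploitation"             # document viewer spawned a script host
    if t in ("registry_set", "scheduled_task") and ev["proc"] in SHELLS:
        return "Installation"             # persistence written by a script host
    if t == "net_connect" and ev.get("bytes_out", 0) > 10_000_000:
        return "Actions and Objectives"   # bulk outbound transfer (assumed threshold)
    if t == "net_connect" and ev["proc"] not in BROWSERS and ev["dst_port"] in (80, 443, 8080):
        return "Command and Control"      # web-looking egress from a non-browser process
    return None

def progression(events):
    """Per host: the stages observed, in chain order, with the time each was first seen."""
    first_seen = defaultdict(dict)
    for ev in sorted(events, key=lambda e: e["ts"]):
        stage = stage_of(ev)
        if stage and stage not in first_seen[ev["host"]]:
            first_seen[ev["host"]][stage] = ev["ts"]
    return {h: [(s, seen[s]) for s in STAGES if s in seen] for h, seen in first_seen.items()}

def earliest_stage(events, host):
    """The first stage at which this host could have been stopped; None if nothing fired."""
    chain = progression(events).get(host, [])
    return chain[0][0] if chain else None

EVENTS = [  # constructed sample telemetry for two hosts, not real data
    {"host": "ws-17", "ts": 1, "type": "file_write", "proc": "outlook.exe", "path": r"C:\Users\a\Downloads\invoice.docm"},
    {"host": "ws-17", "ts": 2, "type": "process_start", "proc": "winword.exe", "parent": "explorer.exe"},
    {"host": "ws-17", "ts": 3, "type": "process_start", "proc": "powershell.exe", "parent": "winword.exe"},
    {"host": "ws-17", "ts": 4, "type": "registry_set", "proc": "powershell.exe", "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\upd"},
    {"host": "ws-17", "ts": 5, "type": "net_connect", "proc": "powershell.exe", "dst_port": 443, "bytes_out": 512},
    {"host": "ws-17", "ts": 9, "type": "net_connect", "proc": "powershell.exe", "dst_port": 443, "bytes_out": 48_000_000},
    {"host": "ws-02", "ts": 6, "type": "net_connect", "proc": "chrome.exe", "dst_port": 443, "bytes_out": 2048},
]
print(progression(EVENTS))
```

Host ws-17 shows every on-host stage from Delivery to Actions and Objectives, so blocking at the Delivery or Exploitation alert would have cut the chain before persistence; ws-02 produces no stage and is left alone.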
Looking for signs at all stages of an attack allows intrusions to be detected faster and earlier, so that preventative measures can be taken instead of just clean-up. Carbon Black’s Cb Response redefines Incident Response (IR) with instant root cause analysis and the fastest end-to-end response time. It continuously records 100% of all activity and visualises the complete attack kill chain, empowering real-time response and remediation as well as proactive threat hunting.
With this approach, enterprises can minimise the impact on their business in case a compromise does happen, by stopping the intrusion dead in its tracks.