Question(s): In response to your peers, discuss the possible gaps left by using a tool like the one described in their initial posts.
PEER POST # 1
Organization can utilize tools like the cyber kill chain to help them prepare for potential threats. The cyber kill chain was developed by Lockheed Martin in 2011 and is used to outline how a threat actor might prepare and execute a cyber attack. The kill chain has eight key steps. First, Reconnaissance, In this stage the threat actor is gathering information about potential vulnerabilities within the target network. Second, Weaponization, In this stage the threat actor will create the attack vectors that will be used in the attack. Third, Delivery, In this stage the threat actor will implement the attack, such as phishing attacks or malware. Fourth, Exploitation, in this stage the threat actor releases the harmful code on the targets network. Fifth, Installation, In this stage the threat actor will install malware or other viruses into the target network. Sixth, Command and Control, In this stage the threat actor has control of the network and works to gain access to other parts of the network as well. Seventh, Actions on Objectives, In this stage the threat actor carries out what ever the aim of the attack was whether that be damage, encryption, or other motivations. Lastly, Monetization, In this stage the threat actor will attempt to get money from the organization in exchange for not destroying or releasing the data. It is useful for organizations to understand the planning of threat actors so that they can prepare counter offensives.
PEER POST # 2
Much effort and research go into the anatomy of cyber attacks. The Lockheed Martin cyber kill chain utilizes seven stages of an attacker methodology to infiltrate the target. Proactively gathering this information from an informed threat modeling aids organizations in actively mitigating these threats or minimizing the impact of the threats. Another useful tool is the Unified Kill Chain model. The Unified Kill Chain (UKC) provides insights into the ordered arrangement of phases in attacks from their beginning to their completion, by uniting and extending existing models to analyze, compare, and defend against targeted and non-targeted cyber attacks (Pols, 2023). The premise behind this modeling incorporates Cyber Kill Chain modeling with the MITREs ATT&CK model and several other models. The resulting UKC is a meta model that supports the development of end-to-end attack specific kill chains and actor specific kill chains, that can subsequently be analyzed, compared and defended against (Pols, 2023). The model looks to case studies, evaluation of previous attacks, and identifying loops in attack paths. The focus of the model is not only on the perimeter defenses but also behind or within the perimeter assuming the attacker is already inside.
