The early indications of a breach: Cyber kill chain analysis

March 24, 2021

Posted by: Anasia D'mello

There has been a significant uptick in notifiable ransomware events, the majority of which presented in the media have been high-profile attacks. This is not new news, says Eleanor Barlow, content manager at SecurityHQ.

In London, months after a single incident, Hackney Council is still suffering the backlash from an attack. What is concerning, however, is the rate at which ransomware is rising, and how unprepared businesses are against it, despite being aware of the threat.

‘In the past decade, attacks that fall under the ‘ransomware’ umbrella have evolved from a consumer-level nuisance of fake antivirus products, to sophisticated malware with advanced encryption capabilities that now primarily target public and private sector organisations. No single industry, geography or size of business is immune.’ – IBM

What needs to be examined to improve the business position

In response, SecurityHQ has released a white paper entitled ‘Machine Learning for Ransomware Detection. Cyber Kill Chain Analysis. Part One’, focused on some of the earlier indications of a breach that can lead to a successful ransomware strike.

It included a look into how Artificial Intelligence (AI) and Machine Learning (ML) are used to contextualise, rather than predefine, threats, via an analysis of the threat landscape with regard to COVID-19, a view on related phishing attacks and the internet-facing attack surface, as well as an exploration of recent Advanced Persistent Threats (APTs), Remote Code Execution (RCE) flaws, and low-level threat actors.

This was followed by a look into the detection of ransomware across the Cyber Kill Chain, and an assessment of initial access via publicly exposed infrastructure and internal reconnaissance, including a discussion of attack and recon tools over SMB, with a look at model template flexibility.

But, while improvements are being made to arm law enforcement, efforts are still too slow to curb ransomware and its rise throughout 2021. To accurately inform businesses, one paper was simply not enough to cover even a fraction of this subject sufficiently.

Which is why this paper, ‘The Early Indications of a Breach. Cyber Kill Chain Analysis.’, continues the discussion by looking into attack tool downloads, unusual BITS activity, lateral movement, new or unusual remote command execution, C2 communication, botnet C2 behaviour, encryption, suspicious SMB file extensions, data exfiltration, and privilege escalation. This is followed by an examination of what companies can and should do to protect against ransomware in terms of prevention, and what the rest of 2021 looks like in terms of ransomware attacks.

SecurityHQ is a managed security service provider, delivering solutions to clients around the world. Clients receive an enterprise-grade service aimed at ensuring that all IT virtual assets, cloud, and traditional infrastructures are protected.

The author is Eleanor Barlow, content manager, SecurityHQ.