Cyber Kill Chain Analysis

Authors: Ionut – Daniel BARBU, Ioan – Cosmin MIHAI & Stefan PRUNA

Published: IJISC Volume 3, Issue 2, Year 2014

Sources:

http://www.lockheedmartin.com/us/what-we-do/information-technology/cyber-security/cyber-kill-chain.html

http://www.lockheedmartin.com/content/dam/lockheed/data/corporate/documents/LM-White-Paper-Intel-Driven-Defense.pdf

Abstract:

The purpose of this paper is to present a structured approach to Advanced Persistent Threat attacks and to analyse the intrusion kill chain in order to determine intrusion indicators. The analysis divides the phases of a cyber-attack and maps them to response procedures.

Cyber Kill Chain

We highly recommend studying the original Lockheed Martin Cyber Kill Chain White Paper.

