Essay on Cybercrime and Digital Forensics
Number of words: 1086
In the modern world, cyberattacks have become commonplace in organizations around the globe. Attackers have grown more sophisticated, better resourced and more knowledgeable, launching skilful intrusions as they hunt for data and information. Organizations are now the defenders against these attacks, and they must advance their operational practices toward a more proactive cybersecurity cadence. Over the years, both public and private entities have turned to defence contractors such as Lockheed Martin, who have provided the means for handling cyber incidents. In this regard, Lockheed Martin developed a kill chain for cyber intrusions to help in identifying and preventing them. The kill chain consists of seven steps: reconnaissance, weaponization, delivery, exploitation, installation, command and control, and actions on objectives. The chain increases the defensibility of the organizational environment by giving defenders a model for catching and stopping threats at each stage. However, organizations also need threat intelligence in order to adopt the right practices and implement policies toward a secure environment.
Lockheed Martin advocates a good defence against offensive manoeuvres in cyberspace. Within Lockheed Martin's strategy for dealing with cyberattacks, there are five ways in which a good defence can be achieved (“Intelligence Driven Defense®”, 2019): first, centralizing operations; second, monitoring threats through intrusion detection techniques; third, managing actionable intel through threat intelligence; fourth, proactively defending through analysis and mitigation; and finally, measuring success through assessments and tests that verify systems are fully operational and that the remaining risk is understood and acceptable. The main idea behind the five ways is to manage cyber incidents without suffering huge security breaches. Through the Intelligence Driven Defense initiative, Lockheed Martin has helped many organizations realize that attacks have become complex and that organizations have to evolve new and more advanced ways of dealing with cybercrime.
For attackers to succeed, they must accomplish all seven steps; for defenders, breaking the chain at any one step is enough to stop the intrusion. The seven steps describe both how an adversary compromises network segments and systems and how a defender can counter each move (Lockheed Martin, 2015). First, in reconnaissance, the attacker identifies and researches a target, and the defender tries to determine the adversary's intent, for example by watching for scanning and probing of public-facing assets. Second, in weaponization, the attacker prepares the attack, mainly by packaging malware with an exploit, and the defender analyzes malware artifacts to understand the tooling. Third, in delivery, the attacker conveys the malware to the target, and the defender monitors the delivery vectors for attacks. Fourth, in exploitation, the attacker exploits a vulnerability, and the defender must already know the vulnerabilities in its own systems and have patched or hardened them. Fifth, in installation, the attacker plants an implant to retain access for some time, while the defender audits the systems to identify abnormal file creations and persistence mechanisms. Sixth, in command and control (C2), the adversary can manipulate the compromised network remotely, while the defender discovers the C2 channel and hardens the network to block it. Finally, in actions on objectives, the adversary accomplishes their goal, whereas the defender initiates incident response and uses forensic tools to assess the network.
Cyber threats are inevitable in today's technological world, but threat intelligence can help provide a secure environment for the operations of any organization. According to Gartner, threat intelligence is evidence-based knowledge, including context, mechanisms, indicators, implications and actionable advice, about an existing or emerging hazard to organizational assets, which can be used to inform the response to that hazard (“Addressing the Cyber Kill Chain”, 2016). When an organization has threat intelligence, it can address threats and risks more proactively. The main idea of embracing threat intelligence is to achieve a dynamic defence in which networks and systems keep changing so that attackers' common practices no longer work against them.
Malware attacks have dealt significant blows to targeted organizational networks and systems. It is up to defenders to understand malware attacks through threat analysis. Since attackers follow the cyber kill chain in launching attacks, defenders have to break the chain if attacks are to be stopped. According to Marc Laliberte, the weaponization stage is critical for attackers but takes place on the attacker's side, out of the defender's view, so defenders find it hard to detect or defend against (Laliberte, 2016). He therefore proposes removing the weaponization stage and adding lateral movement as the sixth stage. This follows from the fact that attackers compromise the weaker systems first and then move laterally through the network to reach their real target. Defenders are then able to detect and prevent lateral movement through network segmentation enforced by firewalls, thereby securing systems before attackers achieve their goal.
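The defender-side detections described above for the installation, command-and-control and lateral-movement stages can be made concrete. The following Python script is an added example written for this essay, not code from Lockheed Martin, Laliberte or any of the cited papers. It runs three simple detections over a constructed telemetry sample (all hosts, addresses, file paths and thresholds are invented, and 10.0.0.0/8 is assumed to be the internal network) and reports the findings in the order of Laliberte's modified kill chain.

```python
"""Tag constructed endpoint and flow telemetry with kill-chain phases.
Added example; not code from the essay, Lockheed Martin or Laliberte. Every
log line, hostname, address and threshold is constructed for illustration."""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Laliberte's modified chain: weaponization dropped, lateral movement sixth.
MODIFIED_KILL_CHAIN = ["reconnaissance", "delivery", "exploitation", "installation",
                       "command_and_control", "lateral_movement", "actions_on_objectives"]

# Constructed telemetry: (timestamp, host, event, detail).
# event "file": detail is the created path; event "conn": detail is "dst_ip:port".
LOG = [
    ("2019-09-23T10:00:00", "ws01", "file", r"C:\Users\a\AppData\Local\Temp\report.pdf"),
    ("2019-09-23T10:00:03", "ws01", "file",
     r"C:\Users\a\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\upd.exe"),
    # ws01 beacons to one external host roughly every 60 s
    ("2019-09-23T10:01:00", "ws01", "conn", "203.0.113.5:443"),
    ("2019-09-23T10:02:00", "ws01", "conn", "203.0.113.5:443"),
    ("2019-09-23T10:03:01", "ws01", "conn", "203.0.113.5:443"),
    ("2019-09-23T10:04:00", "ws01", "conn", "203.0.113.5:443"),
    ("2019-09-23T10:05:00", "ws01", "conn", "203.0.113.5:443"),
    # ws02 visits an external site at irregular intervals (benign browsing)
    ("2019-09-23T10:01:10", "ws02", "conn", "198.51.100.7:443"),
    ("2019-09-23T10:07:40", "ws02", "conn", "198.51.100.7:443"),
    ("2019-09-23T10:08:02", "ws02", "conn", "198.51.100.7:443"),
    ("2019-09-23T10:30:00", "ws02", "conn", "198.51.100.7:443"),
    ("2019-09-23T10:31:15", "ws02", "conn", "198.51.100.7:443"),
    # ws01 then fans out to internal hosts on SMB/RDP within half a minute
    ("2019-09-23T10:06:00", "ws01", "conn", "10.0.1.11:445"),
    ("2019-09-23T10:06:05", "ws01", "conn", "10.0.1.12:445"),
    ("2019-09-23T10:06:09", "ws01", "conn", "10.0.1.13:445"),
    ("2019-09-23T10:06:20", "ws01", "conn", "10.0.1.14:3389"),
    ("2019-09-23T10:06:31", "ws01", "conn", "10.0.1.15:445"),
]
AUTOSTART_MARKERS = ("\\start menu\\programs\\startup\\", "\\windows\\tasks\\")
LATERAL_PORTS = {135, 445, 3389, 5985, 5986}   # RPC, SMB, RDP, WinRM
INTERNAL_PREFIX = "10."   # assumption: 10.0.0.0/8 is the internal network

def detect_installation(log):
    """Installation: an executable dropped into an autostart location."""
    hits = []
    for _, host, ev, detail in log:
        p = detail.lower()
        if ev == "file" and p.endswith(".exe") and any(m in p for m in AUTOSTART_MARKERS):
            hits.append(("installation", host, detail))
    return hits

def detect_c2_beacons(log, min_conns=5, max_cv=0.05):
    """Command and control: repeated connections to one external destination
    whose inter-arrival times are nearly constant (low coefficient of variation)."""
    by_pair = defaultdict(list)
    for ts, host, ev, detail in log:
        if ev == "conn" and not detail.startswith(INTERNAL_PREFIX):
            by_pair[(host, detail)].append(datetime.fromisoformat(ts))
    hits = []
    for (host, dst), times in by_pair.items():
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        if len(times) >= min_conns and mean(gaps) > 0 and pstdev(gaps) / mean(gaps) <= max_cv:
            hits.append(("command_and_control", host, dst))
    return hits

def detect_lateral_movement(log, min_targets=4, window_s=300):
    """Lateral movement: one host reaching min_targets distinct internal hosts
    on admin ports inside a window_s-second sliding window."""
    per_host = defaultdict(list)
    for ts, host, ev, detail in log:
        ip, _, port = detail.rpartition(":")
        if ev == "conn" and ip.startswith(INTERNAL_PREFIX) and int(port) in LATERAL_PORTS:
            per_host[host].append((datetime.fromisoformat(ts), ip))
    hits = []
    for host, conns in per_host.items():
        conns.sort()
        for i, (start, _) in enumerate(conns):
            targets = {ip for t, ip in conns[i:] if (t - start).total_seconds() <= window_s}
            if len(targets) >= min_targets:
                hits.append(("lateral_movement", host, len(targets)))
                break
    return hits

def kill_chain_report(log):
    """Findings grouped by phase, in the order of the modified kill chain."""
    findings = detect_installation(log) + detect_c2_beacons(log) + detect_lateral_movement(log)
    return {phase: [f for f in findings if f[0] == phase]
            for phase in MODIFIED_KILL_CHAIN if any(f[0] == phase for f in findings)}

if __name__ == "__main__":
    for phase, hits in kill_chain_report(LOG).items():
        print(f"{phase}: {hits}")
```

Run as a script, it reports three findings against ws01 and nothing against ws02. The thresholds (five connections at no more than 5% timing jitter, four internal targets on admin ports within five minutes) are assumptions to be tuned per environment, and an implant that randomizes its beacon interval will slip past the coefficient-of-variation test, which is exactly why each detection is only one link in the chain rather than the whole defence.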
To launch a cyberattack, an adversary runs a campaign of efforts that gain access and gather enough information to devise an effect on the target systems. The campaign constitutes the entire operation the attacker conducts against the defending organization and its networks and systems (Assante & Lee, 2015). For Industrial Control Systems (ICS) there is a dedicated ICS cyber kill chain with two stages: first Cyber Intrusion Preparation and Execution (CIPE), and second ICS Attack Development and Execution (ICSADE). In the first stage, the aim is to gain access to data and information about the ICS, study the system, and establish the means to defeat internal perimeter protections. In the second stage, the attacker uses what was learned in the first stage to develop and test a capability to launch a meaningful attack on the ICS. The ICS model helps defenders better understand the phases of an adversary campaign against an ICS, so that they can identify opportunities to detect, remediate and defend their networks and systems.
References
Addressing the Cyber Kill Chain: Full Gartner Research Report and LookingGlass Perspectives. (2016). LookingGlass. Retrieved from https://www.gartner.com/imagesrv/media-products/pdf/lookingglass/lookingglass-1-34D62N3.pdf
Assante, M. J., & Lee, R. M. (2015, October). The Industrial Control System Cyber Kill Chain. SANS Institute. Retrieved from https://www.sans.org/reading-room/whitepapers/ICS/industrial-control-system-cyber-kill-chain-36297
Laliberte, M. (2016, September 21). A twist on the cyber kill chain: Defending against a JavaScript malware attack. Dark Reading. Retrieved from http://www.darkreading.com/attacks-breaches/a-twist-on-the-cyber-kill-chain-defending-against-a-javascript-malware-attack/a/d-id/1326952
Lockheed Martin Corporation. (2015). Gaining the Advantage: Applying Cyber Kill Chain® Methodology to Network Defense. Retrieved from https://www.lockheedmartin.com/content/dam/lockheed-martin/rms/documents/cyber/Gaining_the_Advantage_Cyber_Kill_Chain.pdf
The Lockheed Martin Intelligence Driven Defense®. (2019). Retrieved 23 September 2019, from https://www.lockheedmartin.com/en-us/capabilities/cyber/intelligence-driven-defense.html