-What do you think of the Lockheed Kill Chain? Why has this model caught on with
Question
-What do you think of the Lockheed Kill Chain? Why has this model caught on within the information security field?
-Identify some malware that has been released in the last few years. Describe how it worked and how it impacted organizations (i.e., how successful was it). How was the malware ultimately thwarted? What were the malware's defining characteristics?
-Identify a breach that interests you and provide a detailed breakdown of the attack. How was it launched, how long did it take to identify, and how has the organization responded since?
-What are the ethical considerations behind adopting a honeypot approach for security? Do you see this as a form of entrapment - why or why not?
Explanation / Answer
Answering the first 4 questions:
1. The Lockheed Kill Chain is basically a phase-based model which is used to describe the phases of a cyber or malware attack. The division of an attack into phases helps in keeping the system aware and prepared to tackle such attacks.
The various phases are:
The cyber kill chain has become an integral part of the Intelligence Driven Defense model. This model facilitates the identification and prevention of cyber intrusions and cyber attacks. So it has become quite popular in the information security field.
2. Some malware that has been released in the last few years:
The Lockheed Kill Chain was quite effective in stopping the attacks of this malware in some organizations, like some prestigious banks.
3. The malware was ultimately thwarted because of initial assessment of its occurrence. The system was able to detect the probability of the occurrence of malware, and so the overall system was prepared beforehand to reduce or mitigate the impact of any such attack. One such malware was the BIOS plot, which could have impacted the overall computers in the USA. The timely attempts of the NSA helped in preventing the attack.
The defining characteristics of the BIOS attack were:
4. There was a recent cyber attack on the Cosmos bank in India, in Aug 2018. The malware attack stole the customer information and conducted malicious transactions of around 805 million dollars in just 2 hours. The switching system of the debit card transaction proposal was compromised by the attackers and facilitated the loot.
The attackers conducted a malware attack on the database of Cosmos Bank on Aug 11 2018. This database was connected to the ATM server of the bank and had ATM information of various consumers. Around 14849 fraudulent transactions were triggered, which led to malicious withdrawal of around 805 million dollars from consumer accounts.
The banking transactions and servers of the bank have been frozen. SITs have been incorporated to investigate the matter and identify the attackers.
https://indianexpress.com/article/cities/pune/cosmos-bank-malware-attack-atms-used-in-india-identified-says-pune-sit-5316691/
https://defintel.com/blog/index.php/2017/01/7-biggest-malware-threats-of-2017.html
https://www.lockheedmartin.com/en-us/capabilities/cyber/cyber-kill-chain.html
https://www.csoonline.com/article/2134037/cyber-attacks-espionage/strategic-planning-erm-the-practicality-of-the-cyber-kill-chain-approach-to-security.html