MTI Forum 2014: Are you ready to stop threats across the kill chain?

Seduced by talk of cyber threats and the tempting promise of dappled country sun, ITProPortal found itself drawn away from the hustle and bustle of the city centre this week to take part in the annual MTI Forum in Windsor. Playing host to a score of expert seminars, one particular concept that piqued our interest was that of the kill chain.

Thankfully not a menacing medieval weapon, the kill chain was coined by Lockheed Martin's security team in their fight against advanced persistent threats - an increasingly dangerous phenomenon facing IT security departments. The "chain" refers to the steps taken by cyber attackers to acquire valuable data.

Jonathon Wood delivered Websense's take on the kill chain, breaking down the process into seven steps. If one step can be isolated and protected, he claimed, then cyber attacks can be prevented.

"People are no longer bedroom hackers working from home," he said of the modern cyber criminal. "Attackers these days are organised cyber criminals. Their attacks are becoming much more targeted and much more complex."

"Their ultimate aim is to make money. Data ultimately is what they're after - data is what they can make money from."

So what are the seven steps of the kill chain?

Recon: In order to exploit a person's data, hackers need to know who they're targeting. In days gone by, a cunning phone call to the firm would identify the target, but now recon has become incredibly easy due to the near-ubiquity of social media profiles on sites like Facebook and LinkedIn.

Lure: Once identified, the hacker attempts to lure the target into performing an action - a fake email from a fellow employee offering free football tickets, for example. Basically, anything that will motivate the employee to click on a link.

Redirect: By clicking the luring link, the employee is redirected to a compromised website.

Exploit kit: With the link between attacker and target made, the hacker then seeks to find a point of vulnerability within the affected device. Perhaps the employee is running Flash, Windows 7 or Firefox - any programme with a weak point can effectively be used as a way in.

Dropper file: Once in, the hacker then drops a file onto the target's machine which carries the code to "drop" a virus into the system.

Call home: Quite often the dropper file will communicate back to the hacker to confirm a successful embed. The hacker can also send back further direction.

Data theft: The finale: the hacker steals the data and the attack is complete.
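To illustrate Wood's claim that isolating one link stops the whole chain, here is an added example (written for this page, not code from the article, Websense or MTI): a small correlator that walks constructed key=value log lines through the seven stages in order and reports where a blocked stage halts progression. The event types, the log format and the sample lines are all assumptions.

```python
import re

# Websense's seven kill-chain stages, in the order the article lists them.
STAGES = ["recon", "lure", "redirect", "exploit_kit", "dropper", "call_home", "data_theft"]

# Hypothetical mapping from log event types to stages (constructed for this example).
EVENT_STAGE = {
    "linkedin_profile_view": "recon",
    "phish_email_clicked": "lure",
    "http_redirect_external": "redirect",
    "browser_exploit_attempt": "exploit_kit",
    "executable_written": "dropper",
    "outbound_beacon": "call_home",
    "bulk_upload_external": "data_theft",
}

# Constructed sample telemetry (not real logs): one user walked through all seven stages.
SAMPLE_LOG = """\
2014-06-12T09:00:11 user=alice type=linkedin_profile_view src=external
2014-06-12T09:14:02 user=alice type=phish_email_clicked url=http://example.invalid/tickets
2014-06-12T09:14:03 user=alice type=http_redirect_external dst=example.invalid
2014-06-12T09:14:05 user=alice type=browser_exploit_attempt plugin=flash
2014-06-12T09:14:09 user=alice type=executable_written path=C:/Users/alice/AppData/x.exe
2014-06-12T09:15:30 user=alice type=outbound_beacon dst=203.0.113.7
2014-06-12T10:02:00 user=alice type=bulk_upload_external bytes=52428800
"""

KV = re.compile(r"(\w+)=(\S+)")

def parse_line(line):
    """Split 'timestamp key=value ...' into a dict; the timestamp lands under 'ts'."""
    ts, _, rest = line.partition(" ")
    fields = dict(KV.findall(rest))
    fields["ts"] = ts
    return fields

def walk_chain(lines, blocked=frozenset()):
    """Advance through STAGES only when the next expected stage appears.

    Returns (last_stage_reached, stage_blocked_at); blocked_at is None if the
    chain ran to completion or simply petered out.
    """
    reached = []
    for line in lines:
        if not line.strip():
            continue
        stage = EVENT_STAGE.get(parse_line(line).get("type"))
        if stage is None or stage != STAGES[len(reached)]:
            continue  # unknown event, or not the next link in the chain
        if stage in blocked:  # a control isolates this stage: the chain stops here
            return (reached[-1] if reached else None), stage
        reached.append(stage)
        if stage == "data_theft":
            break
    return (reached[-1] if reached else None), None
```

Blocking the redirect stage (for instance with URL filtering) leaves the chain stranded at the lure, before any exploit is ever attempted.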

Websense offers a security solution package called ACE that isolates and protects stages within the kill chain, the aim being to stop threats in their tracks before data theft occurs. Worryingly though, organisations will soon have more than just their standard computers and tablets to fret about. The Internet of Things, a concept that was buzzing around the MTI Forum, adds a whole new realm of devices vulnerable to cyber attacks, the classic example of course being the fridge that orders new food online when it's empty.

But rather than hackers cooking employees with the smart air-con or ordering twenty packs of fish fingers for the office freezer, IoT devices could well act as a conduit for attacks.

"[The air-con] is a host that sits inside a corporate network that will be connected to other things within that corporate network," Wood informed us.

"There are so many things that a business could potentially benefit from, it's really hard to understand at this stage how big it's going to be, and that of course poses a risk to organisations that they probably haven't conceived of," he added.