CISO2CISO.COM & CYBER SECURITY GROUP

The Unified Kill Chain by Paul Pols

The_Unified_Kill_Chain

Executive Summary
Organizations increasingly rely on Information and Communication Technology (ICT). This reliance
exposes them to growing risks from cyber attacks from a range of threat actors. The term Advanced
Persistent Threats (APTs) is used to refer to particularly capable and persistent threat actors. In this
white paper, a Unified Kill Chain (UKC) model is presented that details the tactics that form the
building blocks of cyber attacks by APTs. The Unified Kill Chain provides insights into the ordered
arrangement of phases in attacks from their beginning to their completion, by uniting and extending
existing models. The Unified Kill Chain can be used to analyze, compare and defend against targeted
and non-targeted cyber attacks.
Research shows that the traditional Cyber Kill Chain® (CKC), as presented by researchers of Lockheed Martin, is perimeter- and malware-focused. As such, the traditional model fails to cover other attack vectors and attacks that occur behind the organizational perimeter. The Unified Kill Chain offers significant improvements over these scope limitations of the CKC and the time-agnostic nature of the tactics in MITRE’s ATT&CK™ model (ATT&CK). Other improvements over these models include: explicating the role of users by modeling social engineering, recognizing the crucial role of choke points in attacks by modeling pivoting, covering the compromise of integrity and availability in addition to confidentiality and elucidating the overarching objectives of threat actors.

The case studies that were performed also falsify a crucial assumption underlying traditional kill chain models, namely that attackers must progress successfully through each phase of a deterministic sequence. The observation that attack phases may be bypassed affects defensive strategies fundamentally, as an attacker may also bypass the security controls that apply to these phases. Instead of focusing on thwarting attacks at the earliest point in time, layered defense strategies that focus
on attack phases that occur with a higher frequency or that are vital for the formation of an attack path are thus expected to be more successful.
These insights support the development (or realignment) of layered defense strategies that adopt the assume breach and defense in depth principles and to optimize the return on investment (ROI) of their security measures.
As the reliance of organizations on ICT continues to grow, and APT attacks continue to rise in number
and in force, the risks for organizations and societies as a whole increase at an accelerating pace. The
Unified Kill Chain attack model can be used in the areas of prevention, detection, response and intelligence to develop and realign defense strategies in an attempt to raise the resilience of
organizations and societies against this dangerous trend.

The-Unified-Kill-Chain-PDFDescarga
Facebook
Twitter
LinkedIn
Pinterest
admin

admin

All Posts »

Leave a Reply

Your email address will not be published. Required fields are marked *

Top Recommended Posts

THE FUTURE OF CYBER ENABLED FINANCIAL CRIME – New Crimes, New Criminals, and Economic Warfare by ASU THREATCASTING LAB
THE FUTURE OF CYBER ENABLED FINANCIAL CRIME – New Crimes, New Criminals, and Economic Warfare...
TALE OF PHIHING – Some Phishing Techniques & Awareness by HADESS.IO
TALE OF PHIHING – Some Phishing Techniques & Awareness by HADESS.IO
MANDIANT – M-Trends 2023 – Mandiant Special Report
MANDIANT – M-Trends 2023 – Mandiant Special Report
CISO2CISO VIDEO SERIES – ¿What is Your Password ?
CISO2CISO VIDEO SERIES – ¿What is Your Password ?
5 Targets Hackers Look for When Attacking an OT Network by Cynalytica
5 Targets Hackers Look for When Attacking an OT Network by Cynalytica
Cyber Risk and CFOs – Over-Confidence is Costly – 2022 Edition by KROLL
Cyber Risk and CFOs – Over-Confidence is Costly – 2022 Edition by KROLL
2022 Falcon OverWatch Threat Hunting Report – NOWHERE TO HIDE by CROWDSTRIKE
2022 Falcon OverWatch Threat Hunting Report – NOWHERE TO HIDE by CROWDSTRIKE
Malware and Vulnerability Trends Report H1 2022 by Recorded Future
Malware and Vulnerability Trends Report H1 2022 by Recorded Future
Securing the cloud by design and by Default by NCSC.GOV.UK – To reduce data breaches from cloud services, seek out providers who ensure functionality is ‘secure by default’
Securing the cloud by design and by Default by NCSC.GOV.UK – To reduce data breaches...
The Real Cyber War – The Political Economy of Internet Freedom by Shawn Powers & Michael Jablonski
The Real Cyber War – The Political Economy of Internet Freedom by Shawn Powers &...