Within the past decade, the use of technology has shifted from sharing minimal information to storing and processing extremely important information. Many organizations are aware of the cyber kill chain, its effectiveness, and its detrimental effect on the security of a network. Unlike common cyber criminals, who usually look for weak areas in a system, advanced cyber criminals break their intrusion into distinct stages called the cyber kill chain (Jim, 2017), with each step meticulously planned so that they can intrude into a network easily. When an organization understands the distinct stages of the cyber kill chain, it is in a better position to formulate ways to combat an attack at any stage. This paper focuses on the installation stage of the cyber kill chain and on measures that can be used to prevent an attack at this stage.
The installation stage follows once an intruder's code has been triggered. It is the remote installation of malware on the targeted network. This stage gives the intruder persistent access to the target's network (Benlein, 2017). Access gained at the installation stage usually gives an intruder extensive access to the system: they can disguise themselves as a user or, at an elevated level, gain administrator access. With this access, the intruders make sure that their tools are embedded efficiently at any point in the target network so that they can acclimatize themselves to the new environment. The goal of installation is to maintain persistence of the access. This means that even if the targeted system goes down and restarts, the intruders will still have access to it.
Once a single system is infected, the infection has the potential to spread to other networks. Other likely scenarios include privilege escalation and internal scanning, which allow the intruders to steal the information they need from the system. Also, once the malware has been installed, it can hide its existence from the security features in a network through a variety of methods, such as tampering with those security features.
As a consultant and adviser to the Chief Information Security Officer (CISO), my advice for mitigating installation in the cyber kill chain is to disable AutoPlay for Universal Serial Bus (USB) devices (Beales, 2004). Allowing files to run without any approval is dangerous for network security. It is recommended that the user is given a chance to see and think before launching any software. It is also important that antivirus software is installed on any network. An antivirus is more advanced than an Intrusion Prevention System, because antivirus software can catch threats based on suspicious behavior or on software that is running in a very suspicious manner.
In conclusion, the installation stage is where an intruder can bypass a security channel and maintain access to a network. With this unlimited access, an individual can remotely launch the intended software on the system and also spread the malware. Using antivirus software is the ultimate solution for the installation stage of the cyber kill chain.
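The AutoPlay recommendation above can be checked and enforced on a Windows host through three policy registry values. The script below is an added example, not part of the original paper; the function name `Test-AutoPlayPolicy` is hypothetical, and the registry values are the standard Windows AutoPlay/AutoRun policy settings.

```powershell
# Added example: audit (and optionally enforce) the AutoPlay/AutoRun policy.
# Test-AutoPlayPolicy is a hypothetical name chosen for this illustration.
$Policy = @(
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
       Name = 'NoDriveTypeAutoRun'; Want = 0xFF }   # AutoPlay off for every drive type
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
       Name = 'NoAutorun'; Want = 1 }               # never execute autorun.inf commands
    @{ Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Explorer'
       Name = 'NoAutoplayfornonVolume'; Want = 1 }  # no AutoPlay for non-volume devices
)

function Test-AutoPlayPolicy {
    param([switch]$Enforce)   # -Enforce writes the required values; needs an elevated shell
    foreach ($p in $Policy) {
        # A missing key or value means the policy is not configured on this host.
        $item = Get-ItemProperty -Path $p.Path -Name $p.Name -ErrorAction SilentlyContinue
        $have = if ($item) { $item.($p.Name) } else { $null }
        $ok   = ($null -ne $have) -and ($have -eq $p.Want)

        if (-not $ok -and $Enforce) {
            if (-not (Test-Path $p.Path)) { New-Item -Path $p.Path -Force | Out-Null }
            Set-ItemProperty -Path $p.Path -Name $p.Name -Value $p.Want -Type DWord
            # Read the value back so the report reflects what is actually stored.
            $have = (Get-ItemProperty -Path $p.Path -Name $p.Name).($p.Name)
            $ok   = ($have -eq $p.Want)
        }

        [pscustomobject]@{
            Setting   = $p.Name
            Current   = if ($null -eq $have) { '(not set)' } else { '0x{0:X}' -f $have }
            Required  = '0x{0:X}' -f $p.Want
            Compliant = $ok
        }
    }
}

# Report only; run "Test-AutoPlayPolicy -Enforce" as administrator to remediate.
Test-AutoPlayPolicy | Format-Table -AutoSize
```

On domain-joined machines the same three values are normally set through Group Policy, which will overwrite local changes at the next policy refresh.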
- Beales, R. (2004). PC systems, installation and maintenance (1st ed., p. 365). Amsterdam: Elsevier/Newnes.
- Benlein, J. (2017). Know thy hacker. Credit Union Management, 40(1), 24.
- Jim, B. (2017). Know Thy Hacker. Credit Union Management, 40(1), 23.