"DNS should be an organisation's first line of defence as most ransomware and malware uses DNS at multiple points in the cyber kill chain
"All cyber-attacks take place in multiple steps, as defined in Lockheed Martin's Cyber Kill Chain," said McBride.
increasingly sophisticated cyber kill chain. Today's attacks are multi-faceted,
More than 90 per cent of malware uses Domain Name System (DNS) at various stages of the cyber kill chain to penetrate the network, infect devices, propagate laterally, and exfiltrate data.
Summary: Lockheed Martin's cyber kill chain approach breaks down each stage of a malware attack where you can identify and stop it.
"But security controls alone are not sufficient to address a ransomware threat, and organisations need to adopt a multi-layered approach to stop the cyber kill chain. This means identifying emerging threats before an attack, quick detection, a swift response to an attack, all the way through to the backup and recovery process."
Luckily, there are many tools and companies now that identify internal attacks as well as track threats as they flow along the cyber kill chain
Their study concludes that organizations should understand the Cyber Kill Chain in order to get inside the minds of advanced threats while engaging in intelligence-driven network defense.
Most attacks follow a 'process' that identified attackers' behaviours, ranging from researching, to launching an attack and ultimately to data exfiltration: this is articulated as the "Cyber Kill Chain
The "cyber kill chain for intrusion detection" is a wonderfully succinct concept that models intrusions in a network, from reconnaissance through to culminating in a system of attack.
Conceptualizing a cyber kill chain enables the JFCCC to understand how the adversary plans and conducts cyber operations.