INSIGHT: How NZ businesses can break the cyber attack lifecycle

Organisations in New Zealand with adequate security measures can break the six-step attack lifecycle at any stage to protect their network and data, while those that don’t have adequate measures in place are at the mercy of cyber criminals.

“The cyber attack lifecycle refers to the procedure attackers use to infiltrate networks and extract data,” says Gavin Coulthard, manager, engineering, Australia and New Zealand, Palo Alto Networks.

“Organisations need multiple threat prevention capabilities built into security platforms to protect them at every stage of the attack cycle.”

Palo Alto Networks has identified ways to break the cycle at each of the six stages to prevent a successful outcome for the attackers and maintain the integrity of your network:

1. Reconnaissance:

Attackers often use phishing tactics or extract public information from an employee’s social media profile, or from corporate websites. They use this information to craft a request to the target organisation’s staff that looks legitimate enough for them to click on.

The malware downloaded as a result is then used to look for network vulnerabilities, services and applications the attackers can exploit.

To break the lifecycle, organisations can use URL filtering to prevent attackers from manipulating social media and website information.

Organisations should continuously inspect the network traffic flow with intrusion and threat prevention technologies to detect and prevent port scans and host sweeps.
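An added example, not from the article or from any Palo Alto Networks product: a minimal detector for the port scans and host sweeps mentioned above, run over constructed flow records. The record layout, the 60-second window and the thresholds of 20 are assumptions to tune per network.

```python
from collections import defaultdict

def sample_flows():
    """Constructed flow records: (epoch seconds, src IP, dst IP, dst port)."""
    flows = []
    # One source probes 30 ports on a single host within 30 seconds.
    flows += [(1000 + i, "203.0.113.9", "192.0.2.10", 20 + i) for i in range(30)]
    # One source probes port 445 on 25 different hosts within 25 seconds.
    flows += [(1000 + i, "198.51.100.7", f"192.0.2.{i + 1}", 445) for i in range(25)]
    # An ordinary client: repeated HTTPS to one server plus a DNS lookup.
    flows += [(1000 + 10 * i, "192.0.2.50", "192.0.2.80", 443) for i in range(5)]
    flows.append((1005, "192.0.2.50", "192.0.2.53", 53))
    return flows

def max_distinct(events, window):
    """Largest count of distinct values in any span shorter than `window` seconds."""
    events = sorted(events)
    counts, best, start = defaultdict(int), 0, 0
    for ts, value in events:
        counts[value] += 1
        while ts - events[start][0] >= window:   # evict records that aged out
            old = events[start][1]
            counts[old] -= 1
            if counts[old] == 0:
                del counts[old]
            start += 1
        best = max(best, len(counts))
    return best

def detect_scans(flows, window=60, port_threshold=20, host_threshold=20):
    """Flag sources that touch many ports on one host or one port on many hosts."""
    by_pair = defaultdict(list)   # (src, dst)   -> [(ts, dst port)]
    by_port = defaultdict(list)   # (src, dport) -> [(ts, dst host)]
    for ts, src, dst, dport in flows:
        by_pair[(src, dst)].append((ts, dport))
        by_port[(src, dport)].append((ts, dst))
    findings = []
    for (src, dst), events in by_pair.items():
        n = max_distinct(events, window)
        if n >= port_threshold:
            findings.append({"kind": "port_scan", "source": src, "target": dst, "distinct": n})
    for (src, dport), events in by_port.items():
        n = max_distinct(events, window)
        if n >= host_threshold:
            findings.append({"kind": "host_sweep", "source": src, "target": dport, "distinct": n})
    return sorted(findings, key=lambda f: (f["kind"], f["source"]))

if __name__ == "__main__":
    for finding in detect_scans(sample_flows()):
        print(finding)
```

A fixed window only counts probes that fall close together, so the window and thresholds should be reviewed against the network's normal traffic.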

2. Weaponisation and delivery:

Attackers use various methods such as embedding intruder code within files or emails, or crafting deliverables around specific interests of individuals.

Organisations can break the cycle with next-generation firewalls. These provide full visibility into all traffic and block all high-risk applications.

Using multiple threat prevention disciplines, including IPS, anti-malware, anti-CnC, DNS monitoring and sinkholing, and file and content blocking, can block known exploits, malware, and inbound command-and-control communications.

3. Exploitation:

Attackers that have gained access to the network could activate the attack code and take control of the target machine.

Endpoint protection technologies can block known and unknown vulnerability exploits. Sandboxing technology can automatically provide global intelligence on malware and threats to prevent follow-up attacks on other organisations.

4. Installation:

Attackers establish privileged operations and a rootkit, escalate privileges, and establish persistence on the organisation’s network.

Organisations can use endpoint protection technologies to prevent local exploitation leading to privilege escalation and password theft.

Next-generation firewalls can establish secure zones with strictly enforced user access control, and provide ongoing monitoring and inspection of traffic between zones.

5. Command and control:

Attackers establish a channel back to a server. This lets data be passed back and forth between infected devices and the server.

There are several ways to break the attack lifecycle in this step. Organisations can block outbound command-and-control communications through anti-CnC signatures.

URL filtering can block outbound communication to known malicious URLs, and malicious outbound communication can be redirected to internal honeypots to identify and block compromised hosts.
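An added example, not from the article or from any vendor's product: identifying compromised hosts from traffic redirected to a sinkhole, using constructed DNS and connection logs. The sinkhole address, resolver address, log layouts and domain names are assumptions; the point it shows is that a sinkholed DNS answer often names the internal resolver, so the endpoint is found from connections to the sinkhole address.

```python
from collections import defaultdict

SINKHOLE_IP = "10.99.99.99"          # assumed address the sinkhole answers with
INTERNAL_RESOLVERS = {"10.0.0.53"}   # assumed internal DNS servers

# Constructed DNS log: (epoch seconds, client IP, query name, answer).
DNS_LOG = [
    (2000, "10.0.0.53", "c2.bad.example", SINKHOLE_IP),   # relayed for an endpoint
    (2001, "10.0.2.40", "update.bad.example", SINKHOLE_IP),
    (2002, "10.0.3.15", "www.example.org", "192.0.2.80"),
]
# Constructed connection log: (epoch seconds, src IP, dst IP, dst port).
CONN_LOG = [
    (2001, "10.0.1.23", SINKHOLE_IP, 443),
    (2061, "10.0.1.23", SINKHOLE_IP, 443),
    (2003, "10.0.2.40", SINKHOLE_IP, 80),
    (2004, "10.0.3.15", "192.0.2.80", 443),
]

def compromised_hosts(dns_log, conn_log, sinkhole=SINKHOLE_IP,
                      resolvers=frozenset(INTERNAL_RESOLVERS)):
    """Return {host: evidence} for endpoints that reached or resolved the sinkhole."""
    hosts = defaultdict(lambda: {"domains": set(), "connections": 0, "first_seen": None})

    def seen(host, ts):
        rec = hosts[host]
        if rec["first_seen"] is None or ts < rec["first_seen"]:
            rec["first_seen"] = ts
        return rec

    for ts, client, qname, answer in dns_log:
        # A resolver only relays the query; the infected endpoint sits behind it.
        if answer == sinkhole and client not in resolvers:
            seen(client, ts)["domains"].add(qname)
    for ts, src, dst, _port in conn_log:
        # Nothing legitimate should connect to the sinkhole address.
        if dst == sinkhole:
            seen(src, ts)["connections"] += 1
    return {host: {"domains": sorted(rec["domains"]),
                   "connections": rec["connections"],
                   "first_seen": rec["first_seen"]}
            for host, rec in sorted(hosts.items())}

if __name__ == "__main__":
    for host, evidence in compromised_hosts(DNS_LOG, CONN_LOG).items():
        print(host, evidence)
```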

6. Actions on the objective:

Attackers manipulate the network for their own purposes. There are many motivations for a cyber attack, including data extraction, destruction of critical infrastructure, and extortion.

Organisations with granular application and user control can enforce file transfer policies to eliminate known archiving and transfer tactics used by hackers. This limits the attacker’s ability to move laterally with tools and scripts.

“Having the right firewall, anti-malware, and endpoint protection can break the cyber attack lifecycle by interrupting any of these six steps,” Coulthard adds.

“Automatic, incremental protections against malicious URLs and command-and-control attacks eliminate the need for expensive manual processes and keep the organisation ahead of the latest attack techniques.”
