INSIGHT: How NZ businesses can break the cyber attack lifecycle

Organisations in New Zealand with adequate security measures can break the six-step attack lifecycle at any stage to protect their network and data, while those that don’t have adequate measures in place are at the mercy of cyber criminals.

“The cyber attack lifecycle refers to the procedure attackers use to infiltrate networks and extract data,” says Gavin Coulthard, manager, engineering, Australia and New Zealand, Palo Alto Networks.

“Organisations need multiple threat prevention capabilities built into security platforms to protect them at every stage of the attack cycle.”

Palo Alto Networks has identified ways to break the cycle at each of the six stages to prevent a successful outcome for the attackers and maintain the integrity of your network:

1. Reconnaissance:

Attackers often use phishing tactics or extract public information from an employee’s social media profile, or from corporate websites. They use this information to craft a request to the target organisation’s staff that looks legitimate enough for them to click on.

The malware that is subsequently downloaded is used to look for network vulnerabilities, services and applications the attackers can exploit.

To break the lifecycle, organisations can use URL filtering to prevent attackers from manipulating social media and website information.

Organisations should continuously inspect the network traffic flow with intrusion and threat prevention technologies to detect and prevent port scans and host sweeps.
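As an added illustration (not part of the original article or of Palo Alto Networks' material), the sketch below shows how the two reconnaissance patterns named above differ in flow data: a port scan is one source trying many ports on one host, while a host sweep is one source trying one port on many hosts. The flow tuple layout, the thresholds and the sample addresses are assumptions constructed for the example.

```python
from collections import defaultdict

# Constructed sample flow records: (source IP, destination IP, destination port).
# Addresses come from documentation/private ranges and are illustrative only.
SAMPLE_FLOWS = (
    [("203.0.113.7", "10.0.0.5", p) for p in range(20, 45)]         # one host, many ports
    + [("198.51.100.9", f"10.0.1.{h}", 445) for h in range(1, 31)]  # many hosts, one port
    + [("10.0.0.20", "10.0.0.5", 443), ("10.0.0.21", "10.0.0.5", 443),
       ("10.0.0.20", "10.0.0.8", 53)]                               # ordinary traffic
)

PORT_THRESHOLD = 20  # assumed: distinct ports tried on one target per window
HOST_THRESHOLD = 20  # assumed: distinct targets tried on one port per window


def classify_sources(flows, port_threshold=PORT_THRESHOLD,
                     host_threshold=HOST_THRESHOLD):
    """Return {source_ip: sorted findings} for one time window of flows."""
    ports_per_target = defaultdict(set)  # (src, dst) -> ports tried
    hosts_per_port = defaultdict(set)    # (src, port) -> hosts tried
    for src, dst, port in flows:
        ports_per_target[(src, dst)].add(port)
        hosts_per_port[(src, port)].add(dst)

    findings = defaultdict(set)
    for (src, _dst), ports in ports_per_target.items():
        if len(ports) >= port_threshold:
            findings[src].add("port_scan")
    for (src, _port), hosts in hosts_per_port.items():
        if len(hosts) >= host_threshold:
            findings[src].add("host_sweep")
    return {src: sorted(kinds) for src, kinds in findings.items()}


if __name__ == "__main__":
    for src, kinds in sorted(classify_sources(SAMPLE_FLOWS).items()):
        print(src, ", ".join(kinds))
```

In practice the thresholds would be tuned per time window and per network segment, since vulnerability scanners and monitoring systems legitimately produce the same patterns.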

2. Weaponisation and delivery:

Attackers use various methods such as embedding intruder code within files or emails, or crafting deliverables around specific interests of individuals.

Organisations can break the cycle with next-generation firewalls. These provide full visibility into all traffic and block all high-risk applications.

Using multiple threat prevention disciplines, including IPS, anti-malware, anti-CnC, DNS monitoring and sinkholing, and file and content blocking, can block known exploits, malware, and inbound command-and-control communications.

3. Exploitation:

Attackers that have gained access to the network could activate the attack code and take control of the target machine.

Endpoint protection technologies can block known and unknown vulnerability exploits. Sandboxing technology can automatically provide global intelligence on malware and threats to prevent follow-up attacks on other organisations.

4. Installation:

Attackers establish privileged operations and rootkits, escalate privileges, and establish persistence on the organisation’s network.

Organisations can use endpoint protection technologies to prevent local exploitation leading to privilege escalation and password theft.

Next-generation firewalls can establish secure zones with strictly enforced user access control, and provide ongoing monitoring and inspection of traffic between zones.

5. Command and control:

Attackers establish a channel back to a server. This lets data be passed back and forth between infected devices and the server.

There are several ways to break the attack lifecycle in this step. Organisations can block outbound command-and-control communications through anti-CnC signatures.

URL filtering can block outbound communication to known malicious URLs, and malicious outbound communication can be redirected to internal honeypots to identify and block compromised hosts.

6. Actions on the objective:

Attackers manipulate the network for their own purposes. There are many motivations for a cyber attack, including data extraction, destruction of critical infrastructure, and extortion.

Organisations with granular application and user control can enforce file transfer policies to eliminate known archiving and transfer tactics used by hackers. This limits the attacker’s ability to move laterally with tools and scripts.

“Having the right firewall, anti-malware, and endpoint protection can break the cyber attack lifecycle by interrupting any of these six steps,” Coulthard adds.

“Automatic, incremental protections against malicious URLs and command-and-control attacks eliminate the need for expensive manual processes and keep the organisation ahead of the latest attack techniques.”

