Cyber Kill Chain Step

Question 1
Download Government Accountability Office’s report from this URL: https://www.gao.gov/assets/700/694158.pdf
If the link is no longer available, then do a web search by using the term “GAO Actions Taken by Equifax and Federal Agencies in Response to the 2017 Breach”.
Please read the pages 10-17 of the document. (Start reading from this section: “Attackers Exploited Vulnerabilities That Equifax Subsequently Reported Taking Actions to Address” until this section: “Equifax Reported Taking Steps to Identify Affected Individual”)
1) Categorize the actions of the hackers by using the cyber kill chain method by filling out the table below. Note that if you cannot find any specific action for a step within the GAO document, you can use external resources or use your judgment on which methods the hackers might have used.
Cyber Kill Chain Step Actions of Hackers
Reconnaissance
Weaponization
Delivery
Exploitation
Installation
Command & Control
Actions on Objectives

Question 2
For the Equifax 2017 case, please provide two components of the attack surface by providing justifications. Please describe the attack vector that leads to the compromise of millions of SSNs.

Question 3
As a senior security engineer, what defense-in-depth actions would be the most suitable for minimizing the Equifax’s exposure to this attack? Explain each action and provide the rationale to support using each specific action.
Question 4 – Weekly Learning and Reflection
In two to three paragraphs of prose (i.e., sentences, not bullet lists) using APA style citations if needed, summarize and interact with the content that was covered this week in class. In your summary, you should highlight the major topics, theories, practices, and knowledge that were covered. Your summary should also interact with the material through personal observations, reflections, and applications to the field of study. In particular, highlight what surprised, enlightened, or otherwise engaged you. Make sure to include at least one thing that you’re still confused about or ask a question about the content or the field. In other words, you should think and write critically not just about what was presented but also what you have learned through the session. Questions asked here will be summarized and answered anonymously in the next class.

Sample Solution

This week in class, we discussed the steps of the Cyber Kill Chain (CKC) and attack surfaces. We also explored defense-in-depth approach for defending against cyber attacks. The CKC is a stepwise framework which includes Reconnaissance, Weaponization, Delivery, Exploitation, Installation, Command & Control, and Actions on Objectives. It is important to understand each step in order to proactively defend against cyberattacks. Attack surfaces are any entry points into an organization’s network from which attackers can gain access or initiate malicious activity. We further discussed how companies like Equifax have been victims of sophisticated hacks due to not having necessary security measures in place or not paying attention to potential vulnerabilities in their systems.

One of the most enlightening aspects of this week’s session was understanding how hackers utilize different techniques such as reconnaissance and weaponization to execute successful attacks on organizations with vast amounts of data stored online. I was surprised at just how complicated the process is for hackers who plan these types of attacks but it makes sense that they need detailed preparation before launching their operations. Furthermore, I learned about defense-in-depth strategies including password policy enforcement and utilizing network segmentation which can be used by organizations to protect sensitive assets from attackers.

I am still wondering what specific challenges organizations face when creating layers of defense within their networks? How should organizations prioritize certain security measures over others based on potential risk levels?

This question has been answered.

Get Answer