Malware Analysis
If an intrusion is detected and the cause is attributed to a website or email, we can perform basic static, dynamic, hybrid, and/or automated malware analysis on the sample.
Threat Actors and the Cyber Kill Chain
Threat actors are always on the prowl for their next victim, and once they find a target they follow the cyber kill chain to carry out an attack.
- Reconnaissance: This is the observation stage: attackers typically assess the situation from the outside-in, in order to identify both targets and tactics for the attack. This can often mean harvesting information obtained from public/open-source methods.
- Weaponization: This is the stage where the threat actor prepares the malicious payload to be used during the attack.
- Delivery: This is the stage where the malicious code is delivered to the victim. This is most commonly done by email or by drive-by downloads from infected websites.
- Exploitation: The act of exploiting vulnerabilities, and delivering malicious code onto the system, in order to get a better foothold.
- Installation: This is the stage where the malicious code is executed on the infected system.
- Command and Control: At this stage, the infected system attempts to send data (system information and other collected information) to the attacker's system or a designated relay. This tells the attacker that the infected system is communicating and ready for the attack to be completed.
- Actions on Objectives: At this stage, the attacker is free to act on any objectives, such as data exfiltration, denial of service, etc.
- Denial of Service: Disruption of normal access for users and systems, in order to stop the attack from being monitored, tracked, or blocked.
- Data Exfiltration: The extraction stage: getting data out of the compromised system.
- Privilege Escalation: Attackers often need more privileges on a system to get access to more data and other permissions; for this, they escalate their privileges, often to an administrator account.
- Lateral Movement: Once the threat actor is in the system, they can move laterally to other systems and accounts in order to gain more leverage.
- Obfuscation / Anti-forensics: In order to successfully pull off a cyberattack, attackers need to cover their tracks. In this stage they often lay false trails, tamper with data, and clear logs to confuse and/or slow down any forensics team.
Ultimately, you want to strive to catch the threat actor PRIOR TO the Exploitation phase. However, that is often not possible, considering most companies are not even aware of an intrusion until an active infection has been identified and/or reported.
In a reactive approach, once the cause of the infection is identified, a sample is collected and analyzed for further indicators of compromise (IOCs). These IOCs can then be used to block future traffic from a suspect email address, IP address or domain.
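As an added illustration of how extracted IOCs are put to use (this is example code written for this page, not a tool the service uses), the script below matches mail-gateway and proxy log lines against a small IOC list of the three types named above: sender address, IP address (single hosts or CIDR ranges) and domain (including subdomains). The IOC values and log lines are constructed samples, not real indicators.

```python
import ipaddress
import re

# Constructed IOC list for the example (documentation ranges, not real indicators).
IOCS = {
    "emails": {"invoice@mail.example.net"},
    "ips": {"203.0.113.0/24", "198.51.100.7"},   # CIDR ranges and single hosts
    "domains": {"bad.example.org"},
}

# Constructed sample log lines: mail gateway records and web proxy records.
SAMPLE_LOGS = [
    "mail from=invoice@mail.example.net to=alice@corp.example subject=Invoice",
    "mail from=bob@partner.example to=alice@corp.example subject=Meeting",
    "proxy src=10.0.0.5 dst=198.51.100.7 host=cdn.example.com",
    "proxy src=10.0.0.9 dst=203.0.113.44 host=update.bad.example.org",
    "proxy src=10.0.0.3 dst=192.0.2.10 host=www.example.com",
]

def _networks(ips):
    # A bare address becomes a /32 (or /128) network, so one check covers both forms.
    return [ipaddress.ip_network(i, strict=False) for i in ips]

def domain_matches(host, domains):
    """True if host equals, or is a subdomain of, any blocked domain."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)

def match_iocs(lines, iocs=IOCS):
    """Return (line_index, ioc_type, matched_value) for every IOC hit."""
    nets = _networks(iocs["ips"])
    hits = []
    for i, line in enumerate(lines):
        fields = dict(re.findall(r"(\w+)=(\S+)", line))  # key=value pairs
        sender = fields.get("from", "").lower()
        if sender in iocs["emails"]:
            hits.append((i, "email", sender))
        dst = fields.get("dst")
        if dst and any(ipaddress.ip_address(dst) in n for n in nets):
            hits.append((i, "ip", dst))
        host = fields.get("host", "")
        if host and domain_matches(host, iocs["domains"]):
            hits.append((i, "domain", host))
    return hits

if __name__ == "__main__":
    for hit in match_iocs(SAMPLE_LOGS):
        print(hit)
```

Each hit identifies the log line and the IOC type that fired, which is the information needed to raise an alert or feed a blocklist on the mail gateway, firewall or proxy.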
In a proactive approach, we provide a vulnerability assessment plan to help strengthen your network security posture.
The best approach is a hybrid one that encompasses BOTH proactive and reactive techniques and strategies to monitor and strengthen your network.
We are here to help you find the best strategies for your situation.