How to Avoid Getting Killed by Ransomware

Using a series of processes, infosec pros can tap automated data hygiene to find and fix the files that attackers key in on.

If you're an IT security professional, mastering mystifying terminology and arcane acronyms is a rite of passage — maybe even a badge of honor. But there's one unusually blunt cybersecurity term anyone can understand — the "kill chain." A successful attack (the "kill") doesn't just happen. It's the end result of a sequence of essential steps (the "chain") that must be completed in order. If you break the chain, you stop the attack.


The chain metaphor clarifies the problem — but it doesn't necessarily simplify it. If you want to strengthen your defenses against ransomware, you'll need to consider the entire cybersecurity alphabet — from authentication to zero-day malware defenses. In this article, I'll look at an abbreviated kill chain for ransomware with a focus on the "discover and spread" step. Then I'll introduce a strategy of automated data hygiene that can find and fix the overshared files that attackers either take hostage or use to move closer to the kill.


Step 1: Payload Delivery

Most ransomware attacks start by phishing end users, sometimes enlisting compromised websites as temptation. Unsuspecting users take the bait, click the links, and unwittingly deposit attack payloads where they can start their work. Security professionals have tools at their disposal (email scanners, anti-phishing software, employee training) to reduce exposure to malware delivery methods, but the unfortunate truth is that users are soft targets for skilled cybercriminals.


Step 2: Establish Command and Control

After that fateful download or click, the ransomware payload soon attempts to contact its command and control network (also known as C2 communications). Establishing this channel is an essential step. If successful, attackers can remotely explore the target environment, download encry ..
