Custom-Written, AI-Free & Plagiarism-Free Academic Work by Assignment Experts

Assignment Experts UK is a trading name of AKOSZ TEC LTD (Company No. 11483120). View on Companies House

Cyber Kill Chain and Indicators of Compromise

Assignment Brief

This individual assignment contributes to the assessment of the following Intended Learning Outcomes of the unit:

  1. Critically evaluate the emerging threat landscape introduced by various technologies and in different business sectors.

  2. Critically evaluate Log Management and Security Information and Event Management (SIEM) systems.

  3. Critically evaluate, manage and handle cyber security events and incidents.

  4. Construct and critically evaluate policies and methods for information sharing, incident handling and Computer Security Incident Response Team (CSIRT) operations.

Part 1. Cyber Kill Chain and Indicators of Compromise (1750 words approx.) The seminal work by Hutchins et al. has influenced the development of methodologies for defending against APTs. In this part of the coursework, you will need to map the phases of the cyber kill chain on a threat of your choice and study how SIEM could assist the mitigation processes.

More specifically, the steps of your study and sections of the essay should include the following:

  1. Introduction and description of a specific threat. Pick any threat and after introducing it, explain what the criticality and impact can potentially be for an organization, by showing how it would affect one or more of the security goals (confidentiality, integrity, availability). For this question you can consider threat intelligence methodologies or frameworks such as ENISA’s Emerging Threats Landscape, MITRE’s ATT&CK Framework etc.

  2. Mapping of the selected threat to the cyber kill chain. With the use of specific examples, technologies and attack vectors from the literature, show how the threat could follow the cyber kill chain stages. Some generic examples are shown in Tables 2,3,4 of the kill chain paper

  3. Describe how a SIEM solution could provide intelligence in the different phases in order to detect the attempted (or successful) breach or attack. In doing this you should consider and identify the relevant Indicators of Compromise (IoC), tools as well as any presentation or visualization alternatives to allow the analyst and system administrator to identify the security related events.

100% Plagiarism Free & Custom Written,
tailored to your instructions

Sample Answer

Cyber Kill Chain and Indicators of Compromise

Introduction to the Threat: Ransomware

Ransomware has emerged as one of the most destructive and financially devastating cyber threats in recent years. It is a form of malicious software that encrypts a victim`s data, rendering it inaccessible, and demands payment (often in cryptocurrency) for decryption keys. Prominent examples include WannaCry, Ryuk, LockBit, and Conti. Ransomware is frequently delivered via phishing emails, exploit kits, or remote desktop protocol (RDP) attacks.

The impact of ransomware attacks on organisations can be severe. In 2021, the Colonial Pipeline attack disrupted fuel supplies across the United States. In the UK, the NHS was significantly affected by the WannaCry attack in 2017, leading to the cancellation of thousands of appointments and operations.

From a security goals perspective:

  • Confidentiality is breached when attackers gain unauthorised access to sensitive files.

  • Integrity is compromised when data is altered or encrypted without permission.

  • Availability is most severely affected, as ransomware denies users access to critical systems and files.

Threat intelligence frameworks like MITRE ATT&CK and ENISA’s Threat Landscape Report identify ransomware as a growing Advanced Persistent Threat (APT), affecting sectors such as healthcare, education, logistics, and finance.

Mapping Ransomware to the Cyber Kill Chain

The Cyber Kill Chain, developed by Lockheed Martin, breaks down an attack into seven stages. Below is how ransomware typically aligns with each stage:

Reconnaissance

In this stage, the attacker collects information about the target network. This can involve scanning IP ranges, identifying vulnerable services, or gathering employee email addresses for spear-phishing.

Example: An attacker uses LinkedIn to identify IT staff and then targets them with personalised phishing emails.

Weaponisation

The attacker creates the ransomware payload, often embedding it within a document (e.g., a macro-enabled Word file) or an executable, ready to be delivered to the victim.

Example: Ryuk ransomware is weaponised as a Trojan, delivered through TrickBot or Emotet malware.

Delivery

This is how the malware reaches the victim. Common methods include:

  • Phishing emails with malicious attachments or links.

  • Compromised websites hosting exploit kits.

  • Drive-by downloads.

Example: An employee clicks a link in a phishing email that downloads ransomware.

Exploitation

The ransomware exploits system vulnerabilities to execute code. It may also exploit human vulnerabilities like poor password hygiene.

Example: The attacker exploits an unpatched SMB vulnerability (like EternalBlue in WannaCry) to spread across the network.

Installation

The ransomware installs itself on the victim`s device and may attempt to disable antivirus and backup software.

Example: The malware encrypts data and deletes shadow copies to prevent recovery.

It’s a model that outlines the stages of a cyber attack, from reconnaissance to exfiltration, helping organizations identify and mitigate threats effectively.

Pick any realistic cyber threat, like ransomware, phishing campaigns, or APTs, and describe its potential impact on confidentiality, integrity, and availability.

SIEM collects and analyses logs from various sources, detects suspicious activity, provides alerts, and supports forensic investigations through indicators of compromise.

IoCs are pieces of evidence that indicate a security breach, such as unusual network traffic, unexpected file changes, malware signatures, or unauthorized login attempts.

Sophie

Assignments Experts helped me break down the kill chain step by step. I finally understood how SIEM ties into each phase of an attack.

United Kingdom

★★★★★
Oliver

The examples of IoCs given by Assignments Experts made it way easier to map my chosen threat. Saved me a ton of research time.

United Kingdom

★★★★★
Rachel

Assignments Experts explained SIEM visualization and dashboards so clearly, my essay looks professional and technical now.

United Kingdom

★★★★★
Hannah

I was stuck on connecting the cyber threat to the kill chain stages, but Assignments Experts made it simple with real-world examples.

United Kingdom

★★★★★