Installation: At this stage, SOC analysts are advised to deploy a Security Information and Event Management (SIEM) system and a Host-Based Intrusion Detection System (HIDS) to detect attacks. To deny an attack, the Cyber Kill Chain recommends two-factor authentication, strong passwords, and privilege separation, and to disrupt an attack it recommends Data Execution Prevention. If attackers nonetheless penetrate critical corporate IT infrastructure, SOC teams must contain them in a timely fashion to limit the damage. To this end, the Cyber Kill Chain recommends an inter-zone Network Intrusion Detection System, application-aware firewalls, and trust zones.
Trend Micro security researchers revealed a new malware family, Virobot, which is a multi-purpose threat that combines botnet, ransomware, and keylogging capabilities in a single package. Virobot not only encrypts files on the infected system but also enlists the machine in a spam botnet and forces it to spread itself to other victim machines.