Forensic Analysis of Cyber Attacks Using the Cyber Kill Chain Model to Enhance Antivirus Protection in an IT Solutions Company

Abstract

Currently, a significant number of cyber-attacks continue to be successfully executed in Peru due to a lack of understanding of the life cycle or phases of an attack. To address this, information was collected on a set of attacks detected by a company's antivirus solution with the aim of analyzing and categorizing them based on the phases of the Cyber Kill Chain model. To assess the effectiveness of the implemented antivirus solution's protection, metrics were employed for detection, blocking, neutralization, and compromise. Mitigation actions considered the real-time blocking level, heuristic analysis, behavior monitoring, traffic inspection, and data recovery. The results indicate an improvement when combining antivirus protection with the Cyber Kill Chain methodology, raising the effectiveness rate from 80% to 100% for the successfully compromised threat. © The Author(s), under exclusive license to Springer Nature Switzerland AG 2024.