The Kill Chain is a cyber security framework that helps in understanding and identifying the steps an attacker goes through in order to carry out a successful cyber attack. Originated from military concepts, kill chain models are typically used to dissect cyber attacks, offering valuable insights to identify weak points and devise strategies for protecting systems and networks.
In the context of cyber security, the kill chain approach has been adapted by various organizations, including Lockheed Martin’s Cyber Kill Chain. Here is a brief overview of the seven stages of the Lockheed Martin Cyber Kill Chain framework:
Reconnaissance: This is the initial phase where the attacker does research, gathers information and identifies potential targets, such as email addresses, social media profiles, or specific systems and networks.
Weaponization: In this phase, the attacker creates a weapon, such as a malware or virus, and packages it with an exploit (a piece of software or script that takes advantage of a vulnerability in a system).
Delivery: The attacker transfers the weapon to the target, typically via email attachments, compromised websites or various other means.
Exploitation: Upon reaching the target, the weapon exploits the vulnerability, usually gaining unauthorized access and control.
Installation: The attacker installs the malicious software on the target system, ensuring that it can persist and remain undetected.
Command and Control (C2): The attacker now establishes a channel of communication with the compromised system to remotely control it and further carry out malicious activities.
Actions on Objectives: With full access, the attacker now achieves their intended goal, which may be data exfiltration, system disruption or other malicious outcomes.
To protect against cyber threats, it is essential to understand these steps, identify the weak spots in your organization’s security posture, and apply the necessary measures to prevent, detect or respond to potential threats in a timely manner. By utilizing the kill chain approach, you can effectively improve your organization’s cyber security defenses and mitigate the risks posed by cybercriminals.