
Cyber Kill Chain

The cyber kill chain is a cybersecurity concept developed by Lockheed Martin to describe the stages or steps of a cyber attack. It is used to increase awareness of the common tactics, techniques, and procedures used in cyber attacks. 

The cyber kill chain acknowledges that most attacks require multiple stages to complete. By understanding the stages of an attack, organizations can more effectively defend against them by instituting security measures to prevent attacks from occurring, or detecting and preventing breaches when they do happen. 

The cyber kill chain consists of seven stages: reconnaissance, weaponization, delivery, exploitation, installation, command & control, and actions on objectives.

1. Reconnaissance: The first step of the kill chain is reconnaissance. This is when the attacker gathers information about the target such as IP addresses, usernames and passwords, open services and ports, or vulnerable software.

2. Weaponization: The second step of the kill chain is weaponization. This is when the attacker takes the information collected in the reconnaissance phase and uses it to craft malicious code, malware, or other attack vectors.

3. Delivery: The third step of the kill chain is delivery. This is when the attacker uses the malicious code, malware, or other attack vectors to deliver the attack payload to the target. Examples of delivery methods are email attachments, malicious links, and USB drives. 

4. Exploitation: The fourth step of the kill chain is exploitation. This is when the attacker takes advantage of weaknesses in the target's security measures or a vulnerability in the system and executes the attack, allowing the attacker to gain access to the system.

5. Installation: The fifth step of the kill chain is installation. This is when the attacker installs malware or backdoors on the target system, allowing the attacker to gain access to the system at a later time. 

6. Command & Control: The sixth step of the kill chain is command & control. This is when the attacker uses the access gained from exploiting the system and sends commands from an external location to the malware or backdoors installed on the system. This allows the attacker to remotely access the system and control it. 

7. Actions on Objectives: The seventh and final step of the kill chain is actions on objectives. This is when the attacker takes advantage of the access gained in the previous steps to carry out the intended attack, such as stealing data or encrypting systems.

The cyber kill chain is a useful tool for understanding cyber threats and the steps attackers take to mount an attack. Organizations can use the kill chain as an effective way to defend against cyber threats by monitoring and preventing each step in the attack. 
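As an added example (not part of the original article or any vendor's tooling), one way to monitor each step is to tag alerts with the stage they indicate and report, per host, the deepest stage reached and the earlier stages that raised no alert. The alert names, the alert-to-stage mapping, and the sample data are constructed assumptions.

```python
from collections import defaultdict

# The seven stages in the order the article lists them.
STAGES = ["reconnaissance", "weaponization", "delivery", "exploitation",
          "installation", "command & control", "actions on objectives"]

# Hypothetical alert names mapped to stages (assumption, not a real product schema).
ALERT_STAGE = {
    "port_scan": "reconnaissance",
    "email_attachment_blocked": "delivery",
    "malicious_link_clicked": "delivery",
    "exploit_signature": "exploitation",
    "new_autorun_entry": "installation",
    "beacon_to_external_host": "command & control",
    "bulk_data_transfer": "actions on objectives",
    "mass_file_encryption": "actions on objectives",
}

# Constructed sample alerts: (ISO timestamp, host, alert name).
SAMPLE_ALERTS = [
    ("2024-01-10T09:00:00", "ws-01", "port_scan"),
    ("2024-01-10T09:30:00", "ws-01", "malicious_link_clicked"),
    ("2024-01-10T09:31:00", "ws-01", "exploit_signature"),
    ("2024-01-10T09:40:00", "ws-02", "email_attachment_blocked"),
    ("2024-01-10T10:05:00", "ws-01", "beacon_to_external_host"),
    ("2024-01-10T10:06:00", "ws-03", "unknown_alert"),
]

def progression(alerts):
    """Per host: stages observed, deepest stage, and unseen stages before it."""
    seen = defaultdict(set)
    for _ts, host, name in alerts:
        stage = ALERT_STAGE.get(name)
        if stage is None:          # unmapped alert: skip rather than guess a stage
            continue
        seen[host].add(STAGES.index(stage))
    report = {}
    for host, idx in seen.items():
        deepest = max(idx)
        # Weaponization happens on the attacker's side, so it is never counted as a gap.
        gaps = [STAGES[i] for i in range(deepest)
                if i not in idx and STAGES[i] != "weaponization"]
        report[host] = {"deepest": STAGES[deepest], "gaps": gaps,
                        "observed": [STAGES[i] for i in sorted(idx)]}
    return report

if __name__ == "__main__":
    for host, r in sorted(progression(SAMPLE_ALERTS).items()):
        print(host, "->", r["deepest"], "| earlier stages with no alert:", r["gaps"])
```

A host whose deepest stage is late in the chain but whose gap list is non-empty points to a stage where no control fired, which is where detection coverage should be reviewed first.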

