The kill chain
(also the cyber kill chain)
The kill chain definition
The kill chain is a cyberattack deconstruction model that helps to understand the structure of the cyberattack. Professionals and organizations use this step-by-step approach to identify and prevent malicious activity and cyberattacks in the future. Usually, the kill chain model contains eight stages.
See also: spyware, anti-malware, ransomware
The stages of the kill chain
- Reconnaissance: During this stage, attackers gather vast information about the potential target. This stage includes activities such as determining the target’s vulnerabilities and exploring entry points. The success rate usually depends on the amount of useful information gathered. Then the data is transformed into a plan of action.
- Weaponization: At this stage, the attacker creates a weapon known as an attack vector based on the gathered information and targets vulnerabilities in the reconnaissance stage. Vectors can include ransomware, remote access malware, worms, trojans, or viruses that could bypass the target’s security measures.
- Delivery: The attacker delivers the attack weapon to the target’s network or system at this stage. Attackers use various mediums to reach success. The most frequent may include phishing emails, email attachments, links to malicious websites, and even social engineering techniques.
- Exploitation: The attacker installs malicious codes or software into the target’s system at this stage. That opens the opportunity to further exploit the network system by running various commands and scripts to modify security certificates. Exploitation attacks may include dynamic data exchange, scripting, and local job scheduling.
- Installation: After the exploitation phase, the attacker establishes a stable ground for further attacks and more control. That usually includes creating back doors into the target’s systems, modifying system files, and creating new user accounts. This stage is a foundation for the command and control phase.
- Command and Control: In the command and control stage, the attacker creates a channel for further communication with the compromised system or network. This maneuver lets the attacker carry out more malicious activities. At this stage, the attacker is more likely to use encryption and other standard methods in order to disguise his activity and avoid further detection.
- Actions on Objectives: In this final Lockheed Martin’s cyber kill chain stage, attackers execute the final steps in achieving their primary objectives, which often include stealing sensitive data, disrupting the systems by causing damage to the network, or even compromising the whole system to use it as a platform for further malicious attacks.
- Monetization: During the monetization stage, attackers try to capitalize and profit from successful attacks by selling sensitive information in the back markets, or using compromised network systems for crypto-jacking, even extorting their victims for ransom payments. The main attacker’s goal is to extract as much monetary value as possible without being identified or caught.