top of page
Search

Day 27 of 100 Days of Cybersecurity - The Cyber Kill Chain

  • Elizabeth Rasnick
  • May 28, 2023
  • 2 min read

Warning: Vocabulary Intensive Discussion

Lockheed Martin developed the cyber kill chain as a framework for “intelligence driven defense”. There are 7 stages to the cyber kill chain. Adversaries (black hat hackers) must complete each of these stages to perform a successful attack. From the defender’s perspective, if they can interrupt an attack at any one of the 7 stages the attack will be arrested. Sounds easy, right? You should know by now that nothing in cyber is that simple.


Step 1: Reconnaissance - This step is absolutely critical to pulling off a success hack. The more information that can be gathered about the target system, the better an intrusion can be planned. While it is difficult to determine that passive scanning is taking place, active scanning can be detected.


Step 2: Weaponization - The malware that will be deployed on the target is created in this step.


Step 3: Delivery - At this stage, a phishing email, trojan horse, spoofed link, or the like is sent out with a malware payload to the desired target population.


Step 4: Exploitation - Based on information discovered in the reconnaissance phase, a vulnerability in the target system is taken advantage of in order to gain a foothold into the system.


Step 5: Installation - The foothold from the exploitation stage allows the malware from the payload to be installed on the target system.


Step 6: Command and Control (C2) - In this phase, the attacker has full access to the target systems. They can run commands on the system and control access to resources.


Step 7: Actions on Objectives - The final stage is carrying out the intended goals of the hack. That may be theft of data, activating ransomware, placing a logic bomb, or whatever other mayhem their hacker hearts desire.


These are super brief explanations of each of the stages. If you want more detail on any or all of these, go straight to the source, Lockheed Martin.


For more information, go to Lockheed Martin’s page on the cyber kill chain, go to: https://www.lockheedmartin.com/en-us/capabilities/cyber/cyber-kill-chain.html



 
 
 

Comments

bottom of page