The Cyber Kill Chain is a framework that applies the principles of Lockheed Martin’s Kill Chain process to cyberattacks. It consists of seven sequential stages that outline the steps attackers typically follow to infiltrate and compromise a target system.

The seven stages are:
1. Reconnaissance, 2. Weaponization, 3. Delivery, 4. Exploitation, 5. Installation, 6. Command and Control, and 7. Actions on Objectives.


1. Reconnaissance

The attacker or intruder selects a target.
They conduct extensive research on the target to identify vulnerabilities that can be exploited. This stage involves gathering as much information as possible to plan the attack effectively.


2. Weaponization

The intruder develops malicious tools, such as viruses or worms, to exploit the identified vulnerabilities.
Depending on the target and the attacker’s goals, the malware may leverage previously undiscovered vulnerabilities (known as zero-day exploits) or combine various known vulnerabilities to increase its effectiveness.


3. Delivery

The attacker delivers the weaponized malware to the target.
To achieve this, attackers may use methods such as USB drives, email attachments, or compromised websites to ensure the payload reaches the intended victim.


4. Exploitation

The malware activates, triggering its programmed actions.
At this stage, the attacker exploits the target’s vulnerabilities to gain access to their systems or networks.


5. Installation

The malware installs a backdoor or access point for the attacker.
This backdoor allows the attacker to maintain ongoing access to the compromised system, paving the way for further actions.


6. Command and Control (C2)

The attacker establishes communication with the compromised system.
Using the malware, the intruder gains control over the network or system, enabling them to issue commands and retrieve data.


7. Actions on Objectives

Once the attacker secures persistent access, they proceed to execute their objectives.
This could include encrypting data for ransom, exfiltrating sensitive information, or destroying critical data to disrupt operations.


The Cyber Kill Chain serves as a valuable framework for understanding how cyberattacks unfold and provides organizations with insights to detect, mitigate, and respond to threats effectively.
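
One way a defender can put the seven stages to work, shown as an added example that is not part of the original article: map each alert to a stage, then report per host the furthest stage that raised an alert and the earlier stages that raised none (detection gaps). The alert category names, host names and log format are assumptions constructed for illustration.

```python
from collections import defaultdict

# The seven stages, in the order the page lists them.
STAGES = ["Reconnaissance", "Weaponization", "Delivery", "Exploitation",
          "Installation", "Command and Control", "Actions on Objectives"]
# Weaponization happens on the attacker's side, so defenders get no alert for it.
UNOBSERVABLE = {"Weaponization"}
# Assumed alert categories (hypothetical names, not from any product).
ALERT_STAGE = {
    "port_scan": "Reconnaissance",
    "malicious_attachment": "Delivery",
    "exploit_attempt": "Exploitation",
    "new_autorun_entry": "Installation",
    "beaconing": "Command and Control",
    "bulk_outbound_transfer": "Actions on Objectives",
}
# Constructed sample alerts: "<timestamp> <host> <category>".
SAMPLE_ALERTS = """\
2024-05-01T09:02:11Z ws-014 port_scan
2024-05-01T09:40:03Z ws-014 malicious_attachment
2024-05-01T09:41:27Z ws-014 exploit_attempt
2024-05-02T01:15:00Z db-02 beaconing
2024-05-02T03:30:45Z db-02 bulk_outbound_transfer
2024-05-02T08:00:00Z ws-020 malicious_attachment
2024-05-02T08:05:00Z ws-020 dns_anomaly
"""

def stage_coverage(alert_text):
    """Per host: furthest stage alerted on, and earlier stages with no alert."""
    seen, unmapped = defaultdict(set), []
    for line in alert_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip blank or malformed lines
        stage = ALERT_STAGE.get(parts[2])
        if stage is None:
            unmapped.append(parts[2])  # category still needs a stage assignment
        else:
            seen[parts[1]].add(STAGES.index(stage))
    report = {}
    for host, idxs in seen.items():
        furthest = max(idxs)
        gaps = [STAGES[i] for i in range(furthest)
                if i not in idxs and STAGES[i] not in UNOBSERVABLE]
        report[host] = {"furthest": STAGES[furthest], "undetected_earlier": gaps}
    return report, unmapped

if __name__ == "__main__":
    print(stage_coverage(SAMPLE_ALERTS))
```

A host such as `db-02`, first seen at Command and Control with every earlier stage undetected, points to missing visibility at Delivery, Exploitation and Installation rather than to an attack that skipped them.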