The Cyber Kill Chain was developed by Lockheed Martin to identify and prevent cyber intrusions. There are seven steps in the Cyber Kill Chain. Focusing on these steps helps analysts understand the techniques, tools, and procedures of threat actors.
When responding to a security incident, the objective is to detect and stop the attack as early as possible in the kill chain progression. The earlier the attack is stopped, the less damage is done and the less the attacker learns about the target network.
The Cyber Kill Chain specifies the steps an attacker must complete to accomplish their goal.
If the attacker is stopped at any stage, the chain of attack is broken. Breaking the chain means the defender successfully thwarted the threat actor’s intrusion. Threat actors are successful only if they complete Step 7.
Note: Threat actor is the term used throughout this course to refer to the party instigating the attack. However, Lockheed Martin uses the term “adversary” in its description of the Cyber Kill Chain. Therefore, the terms adversary and threat actor are used interchangeably in this topic.
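To make the "chain is broken if the adversary is stopped before Step 7" rule concrete, here is an added example (not part of the course material) that places SOC alerts on the seven steps and reports, per host, how far the adversary got and where a control broke the chain. The alert categories and the mapping from category to step are assumptions made for the example.

```python
KILL_CHAIN = ("Reconnaissance", "Weaponization", "Delivery", "Exploitation",
              "Installation", "Command and Control", "Actions on Objectives")

# Hypothetical alert-category to kill-chain-step mapping: an assumption made
# for this example, not something the course defines.
ALERT_STEP = {
    "phishing_attachment": "Delivery",
    "exploit_attempt": "Exploitation",
    "persistence_created": "Installation",
    "c2_beacon": "Command and Control",
    "bulk_egress": "Actions on Objectives",
}

def assess_host(alerts):
    """Alerts are (host, category, blocked) tuples; blocked=True means a control
    stopped that action. Returns furthest step completed and where the chain broke."""
    completed = 0       # highest step number with an unblocked alert
    broken_at = None    # earliest step at which a control blocked the adversary
    for _host, category, blocked in alerts:
        step = ALERT_STEP.get(category)
        if step is None:
            continue    # uncategorised alert: cannot be placed on the chain
        n = KILL_CHAIN.index(step) + 1
        if blocked:
            broken_at = n if broken_at is None else min(broken_at, n)
        else:
            completed = max(completed, n)
    return {
        "completed_step": completed,
        "completed_name": KILL_CHAIN[completed - 1] if completed else None,
        "broken_at": broken_at,
        # Only completing Step 7 counts as adversary success.
        "adversary_succeeded": completed == len(KILL_CHAIN),
    }

def triage(alerts):
    """Group alerts by host and assess each host separately."""
    by_host = {}
    for alert in alerts:
        by_host.setdefault(alert[0], []).append(alert)
    return {host: assess_host(group) for host, group in by_host.items()}

SAMPLE = [  # constructed sample alerts for the demonstration, not real data
    ("ws-01", "phishing_attachment", False),
    ("ws-01", "exploit_attempt", True),       # EDR blocked the exploit
    ("ws-02", "exploit_attempt", False),
    ("ws-02", "persistence_created", False),
    ("ws-02", "c2_beacon", True),             # proxy blocked the beacon
    ("ws-03", "bulk_egress", False),          # Step 7 reached: chain completed
]
```

Running `triage(SAMPLE)` shows ws-01 stopped at Exploitation, ws-02 stopped at Command and Control, and ws-03 as the only host where the adversary completed Step 7.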
Reconnaissance
| Adversary Tactics | SOC Defenses |
|---|---|
| Plan and conduct research: | Discover adversary’s intent: |
Weaponization
| Adversary Tactics | SOC Defense |
|---|---|
| Prepare and stage the operation: | Detect and collect weaponization artefacts: |
Delivery
The table summarizes some of the tactics and defences used during the delivery step.
| Adversary Tactics | SOC Defense |
|---|---|
| Launch malware at target: | Block delivery of malware: |
Exploitation
| Adversary Tactics | SOC Defense |
|---|---|
| Exploit a vulnerability to gain access: | Train employees, secure code, and harden devices: |
Installation
| Adversary Tactics | SOC Defense |
|---|---|
| Install persistent backdoor: | Detect, log, and analyze installation activity: |
Command and Control
The table summarizes some of the tactics and defences used during the command and control step.
| Adversary Tactics | SOC Defense |
|---|---|
| Open channel for target manipulation: | Last chance to block operation: |
Actions on Objectives
| Adversary Tactics | SOC Defense |
|---|---|
| Reap the rewards of a successful attack: | Detect by using forensic evidence: |
PS: I know you might agree with some of the points raised in this article or disagree with some of the issues raised.
Please share your thoughts on the topic discussed. We would appreciate it if you could drop your comment. Thanks in anticipation.