Cyber Kill Chain In Cybersecurity: Facts To Know
The Cyber Kill Chain was developed by Lockheed Martin to identify and prevent cyber intrusions. There are seven steps in the Cyber Kill Chain. Focusing on these steps helps analysts understand the tactics, tools, and procedures of threat actors.
When responding to a security incident, the objective is to detect and stop the attack as early as possible in the kill chain progression. The earlier the attack is stopped, the less damage is done and the less the attacker learns about the target network.
The Cyber Kill Chain specifies the steps an attacker must complete to accomplish their goal. The steps in the Cyber Kill Chain are shown in the figure.
If the attacker is stopped at any stage, the chain of attack is broken. Breaking the chain means the defender successfully thwarted the threat actor’s intrusion. Threat actors are successful only if they complete Step 7.
Note: Threat actor is the term used throughout this course to refer to the party instigating the attack. However, Lockheed Martin uses the term “adversary” in its description of the Cyber Kill Chain. Therefore, the terms adversary and threat actor are used interchangeably in this topic.
Reconnaissance
| Adversary Tactics | SOC Defense |
|---|---|
| Plan and conduct research: | Discover adversary’s intent: |
Weaponization
| Adversary Tactics | SOC Defense |
|---|---|
| Prepare and stage the operation: | Detect and collect weaponization artefacts: |
Delivery
The table summarizes some of the tactics and defences used during the delivery step.
| Adversary Tactics | SOC Defense |
|---|---|
| Launch malware at target: | Block delivery of malware: |
Exploitation
| Adversary Tactics | SOC Defense |
|---|---|
| Exploit a vulnerability to gain access: | Train employees, secure code, and harden devices: |
Installation
| Adversary Tactics | SOC Defense |
|---|---|
| Install persistent backdoor: | Detect, log, and analyze installation activity: |
Command and Control
The table summarizes some of the tactics and defences used during the command and control step.
| Adversary Tactics | SOC Defense |
|---|---|
| Open channel for target manipulation: | Last chance to block operation: |
Actions on Objectives
| Adversary Tactics | SOC Defense |
|---|---|
| Reap the rewards of a successful attack: | Detect by using forensic evidence: |
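The following is an added example, not part of the original article, showing how a SOC might map its alerts onto the seven steps and decide where the chain was broken. The alert categories, the mapping to steps, and the sample alerts are all assumptions constructed for the example; the rule that the adversary succeeds only by completing Step 7 is the one stated above.

```python
from dataclasses import dataclass
from typing import Iterable, List, Optional

# The seven steps of the Cyber Kill Chain, in order (1-based indexing below).
KILL_CHAIN = (
    "Reconnaissance", "Weaponization", "Delivery", "Exploitation",
    "Installation", "Command and Control", "Actions on Objectives",
)

# Hypothetical alert categories mapped to the step they indicate. This mapping
# is an assumption for the example, not Lockheed Martin's own definition.
ALERT_TO_STEP = {
    "external_port_scan": 1,
    "phishing_attachment": 3,
    "exploit_attempt": 4,
    "registry_run_key_added": 5,
    "c2_beacon": 6,
    "bulk_data_exfiltration": 7,
}

@dataclass
class Alert:
    category: str
    blocked: bool   # True when a control actually stopped the activity

@dataclass
class ChainReport:
    completed: List[int]        # steps the adversary finished unhindered
    broken_at: Optional[int]    # first step where a control stopped the activity
    adversary_succeeded: bool   # True only if Step 7 was completed

def assess(alerts: Iterable[Alert]) -> ChainReport:
    """Walk alerts in chronological order and summarise chain progression."""
    completed: List[int] = []
    broken_at: Optional[int] = None
    for alert in alerts:
        step = ALERT_TO_STEP.get(alert.category)
        if step is None:
            continue                    # alert not mapped onto the chain
        if alert.blocked:
            if broken_at is None:
                broken_at = step        # earliest point the chain was broken
        elif step not in completed:
            completed.append(step)
    return ChainReport(completed, broken_at, 7 in completed)

# Constructed sample: the intrusion runs through installation and is stopped
# when the egress filter blocks the command-and-control beacon.
SAMPLE_ALERTS = [
    Alert("external_port_scan", blocked=False),
    Alert("phishing_attachment", blocked=False),
    Alert("exploit_attempt", blocked=False),
    Alert("registry_run_key_added", blocked=False),
    Alert("c2_beacon", blocked=True),
]
```

Running `assess(SAMPLE_ALERTS)` reports steps 1, 3, 4 and 5 completed, the chain broken at step 6 (Command and Control), and no adversary success, which is the "last chance to block operation" case in the table above.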
Fact Check Policy
CRMNIGERIA is committed to fact-checking in a fair, transparent and non-partisan manner. Therefore, if you’ve found an error in any of our reports, be it factual, editorial, or an outdated post, please contact us to tell us about it.