The term ‘kill chain’ may sound scary but it’s a helpful way for an organisation to view the various stages of a typical cyber-attack, allowing them to plan and introduce security that can break the chain and hopefully neutralise the threat.
The concept of the 'cyber kill chain™' was proposed by cyber defence analysts working for Lockheed Martin.
As a large defence manufacturer, Lockheed was subject to a considerable number of cyber-attacks which the analysts were able to describe as a sequence of steps or phases. They recognised that if one or more phases of an attack could be disrupted, the attack itself would not succeed.
A good place to break the chain is during the Exploitation phase where an attacker seeks to exploit a particular vulnerability within a potential victim's network.
If the intended victim knows where their vulnerabilities lie and is able to remedy them, the attacker has a smaller target to aim for.
Reconnaissance – The first stage of an attack typically involves the attacker scoping out their intended target to learn as much as possible about it. They do this via social engineering techniques and gathering email addresses. Social media accounts that aren’t locked down via privacy settings can be a treasure trove of information for an attacker.
Weaponisation – This stage is where the attacker develops their plan of attack. This involves them seeking the best tools for the job. The right malware, as well as other malicious tools, can easily be found for sale on the dark web.
Delivery – This is one of the stages where a security team can potentially stop the attack and break the chain. Many attacks come in the form of phishing emails, compromised websites or via infected USB devices. Cybersecurity awareness training for employees and the following of security policies can reduce the threat.
Exploitation – This is the phase where CyberScore™ can break the chain and halt an attack. Attackers rely on networks having unpatched vulnerabilities. Regular scanning with CyberScore™ can ensure that these vulnerabilities are detected and neutralised quickly. If an organisation is lax when it comes to patching then there’s a good chance the attacker will be able to proceed to the next link in the chain.
Installation – If the attacker gets past the target's defences they will then be able to install malware or malicious code onto the target network, effectively settling in undetected.
Control – The target is fully compromised and the attacker has virtually free rein to do what they like. The compromised system will essentially be under the hacker’s control.
Success – The attacker achieves what they set out to do.
“The challenge is that understanding and fixing vulnerabilities is not a one-off activity - organisations need to work at it constantly. Even for small organisations, this can be challenging, especially knowing which vulnerabilities they should focus their efforts on. This is where technology like CyberScore™ can make a radical difference. Not only does it identify where the vulnerabilities lie - and how significant they are - it also generates a prioritised list of actions to enable effective remediation,” says Richard Bach, Director at XQ Cyber.
The reverse of the attack kill chain is the defensive kill chain which shows the various courses of action an organisation can take to halt an attack.
The kill chain is a useful guide but it does have its critics in the industry.
One of the criticisms is that the first few steps of the attack chain take place outside of a defended network, making it difficult to identify and defend against them. Another criticism is that it doesn’t consider insider vulnerabilities.
For further reading visit –