Cyber Kill Chain | Attacker’s and Defender’s Perspective

In this article we are going to look at the Cyber Kill Chain.

In this article, we are going to understand the Cyber Kill Chain by looking at each step from the attacker's and the defender's perspective. Seen this way, it is easier to remember and understand. We will also discuss whether the Cyber Kill Chain is outdated.

What is Cyber Kill Chain?

[Image: Cyber Kill Chain diagram, source: lockheedmartin.com]

The Cyber Kill Chain (CKC) is a framework developed by Lockheed Martin: an intelligence-driven defense model for the identification and prevention of cyber intrusion activity. Basically, the Cyber Kill Chain is a series of steps that can trace most cyber attacks. The CKC framework can help IT and security teams understand even advanced attacks such as ransomware, security breaches, and advanced persistent threats (APTs).

As you can see in the above image, there are a total of 7 steps in the Cyber Kill Chain framework. The seven steps of the Cyber Kill Chain enhance visibility into an attack and enrich an analyst's understanding of an adversary's tactics, techniques, and procedures.

In the next section, we are going to discuss all 7 steps from the attacker's and the defender's perspective.

Cyber Kill Chain Steps

1. Reconnaissance

The attacker/intruder chooses their target and conducts research on it, looking for vulnerabilities in the system or organization. Attackers also plan tactics to attack specific vulnerabilities. Recon includes steps like scanning the network for open ports, performing OSINT research, etc.

In this step, the defender can pick up precursors such as the attacker's IP address, because the port scanning is visible to the target.

2. Weaponization

In this step, the attacker creates malware (a worm, a virus, etc.) to exploit the target's vulnerability. The malware weapon can exploit a known or an unknown vulnerability (a zero-day attack). Most of the time attackers create their own backdoor instead of using a prebuilt program to exploit the system.

This step is really hard for defenders to detect because it does not happen inside their organization. So the only thing they can do is deploy anti-virus, system hardening, etc.

3. Delivery

In this step, the attacker delivers the malware weapon to the target through some medium. The attacker can create a spear-phishing email to deliver the weapon to the target, use a USB stick to deliver it, or use any other medium.

In this step, defenders should employ all their email defenses and attachment sandboxing.

4. Exploitation

In this step, the malware created by the attacker starts to take action. The attacker's main motive in this step is to exploit the system to gain higher privileges, so most of the time attackers try to exploit vulnerabilities such as code execution.

Defenders can prepare for this step by implementing security policies, hardening the system, performing vulnerability management, and trying to fix all known vulnerabilities.

5. Installation

In this step, the malware created by the attacker creates a backdoor or access point that only the attacker can use. With this, they try to stay persistent and keep a foothold in the infected system.

Defenders can deploy EDR (Endpoint Detection and Response) to check for any malicious presence and remove it.

6. Command and Control (C2)

In this step, the attacker finally gains full command over the system: the malware gives the attacker access and lets them issue commands.

If the attack reaches this step, this is the defender's last chance to stop the attack, by stopping the command execution by any means available.

7. Actions on Objectives

In this step, the attacker has full and persistent access to the system. Now they can finally fulfill their purposes, such as ransomware, data exfiltration, or data destruction. They can complete whatever objectives they have.

In this step, the defender has to act quickly to prevent further damage.
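As an added example (not code from this article, from Lockheed Martin, or from Cybervie), the following Python script shows one way a defender can tag simple detections with the kill chain phase they belong to, so that alerts sort by how far an intrusion has progressed. It runs a port-scan detector over constructed firewall log lines for step 1 (Reconnaissance), where the scanning source IP is the precursor mentioned above, and a beaconing detector over constructed proxy log lines for step 6 (Command and Control), where near-periodic connections from one client to one host are the signal. All log lines, IP addresses, hostnames, thresholds and function names are constructed for this example and are not from the page.

```python
"""Tag simple detections with their Cyber Kill Chain phase (added example)."""
import re
import statistics
from collections import defaultdict
from datetime import datetime

# Constructed firewall log lines: 203.0.113.7 touches many ports within seconds
# (scan-like); 198.51.100.20 is ordinary traffic to one port.
FIREWALL_LOGS = [
    "2024-01-10T09:00:00 src=203.0.113.7 dst=10.0.0.5 dport=21 action=DENY",
    "2024-01-10T09:00:01 src=203.0.113.7 dst=10.0.0.5 dport=22 action=DENY",
    "2024-01-10T09:00:02 src=203.0.113.7 dst=10.0.0.5 dport=23 action=DENY",
    "2024-01-10T09:00:03 src=203.0.113.7 dst=10.0.0.5 dport=25 action=DENY",
    "2024-01-10T09:00:04 src=203.0.113.7 dst=10.0.0.5 dport=80 action=ALLOW",
    "2024-01-10T09:00:05 src=203.0.113.7 dst=10.0.0.5 dport=443 action=ALLOW",
    "2024-01-10T09:00:06 src=203.0.113.7 dst=10.0.0.5 dport=445 action=DENY",
    "2024-01-10T09:00:07 src=203.0.113.7 dst=10.0.0.5 dport=3389 action=DENY",
    "2024-01-10T09:00:08 src=203.0.113.7 dst=10.0.0.5 dport=8080 action=DENY",
    "2024-01-10T09:00:09 src=203.0.113.7 dst=10.0.0.5 dport=8443 action=DENY",
    "2024-01-10T09:05:00 src=198.51.100.20 dst=10.0.0.5 dport=443 action=ALLOW",
    "2024-01-10T09:06:00 src=198.51.100.20 dst=10.0.0.5 dport=443 action=ALLOW",
]

# Constructed proxy log lines: 10.0.0.23 contacts the same host exactly every
# 60 seconds (beacon-like); 10.0.0.41 browses with irregular timing.
PROXY_LOGS = [
    "2024-01-10T10:00:00 client=10.0.0.23 host=update.example.net bytes=312",
    "2024-01-10T10:01:00 client=10.0.0.23 host=update.example.net bytes=318",
    "2024-01-10T10:02:00 client=10.0.0.23 host=update.example.net bytes=309",
    "2024-01-10T10:03:00 client=10.0.0.23 host=update.example.net bytes=315",
    "2024-01-10T10:04:00 client=10.0.0.23 host=update.example.net bytes=311",
    "2024-01-10T10:00:12 client=10.0.0.41 host=news.example.org bytes=48210",
    "2024-01-10T10:03:47 client=10.0.0.41 host=news.example.org bytes=9931",
    "2024-01-10T10:09:02 client=10.0.0.41 host=news.example.org bytes=71044",
    "2024-01-10T10:09:30 client=10.0.0.41 host=news.example.org bytes=2210",
]

KV_RE = re.compile(r"(\w+)=(\S+)")


def parse(line):
    """Split 'timestamp key=value ...' into a dict with a parsed datetime."""
    ts, _, rest = line.partition(" ")
    fields = dict(KV_RE.findall(rest))
    fields["ts"] = datetime.fromisoformat(ts)
    return fields


def detect_port_scans(lines, min_ports=8, window_seconds=60):
    """Phase 1 (Reconnaissance): one source touching many distinct ports quickly."""
    by_src = defaultdict(list)
    for f in map(parse, lines):
        by_src[f["src"]].append((f["ts"], f["dport"]))
    alerts = []
    for src, events in by_src.items():
        events.sort()
        # Slide a window starting at each event and count distinct ports inside it.
        for i, (start, _) in enumerate(events):
            ports = {p for t, p in events[i:] if (t - start).total_seconds() <= window_seconds}
            if len(ports) >= min_ports:
                alerts.append({"phase": 1, "name": "Reconnaissance", "src": src, "ports": len(ports)})
                break  # one alert per source is enough
    return alerts


def detect_beacons(lines, min_events=5, max_jitter_ratio=0.1):
    """Phase 6 (Command and Control): near-periodic connections from one client to one host."""
    by_pair = defaultdict(list)
    for f in map(parse, lines):
        by_pair[(f["client"], f["host"])].append(f["ts"])
    alerts = []
    for (client, host), times in by_pair.items():
        if len(times) < min_events:
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        mean = statistics.mean(gaps)
        # Low spread of the gaps relative to their mean means a regular interval.
        jitter = statistics.pstdev(gaps) / mean if mean else 0
        if jitter <= max_jitter_ratio:
            alerts.append({"phase": 6, "name": "Command and Control", "client": client,
                           "host": host, "interval_s": round(mean)})
    return alerts


def kill_chain_report(firewall_lines, proxy_lines):
    """Collect alerts and sort them by phase; a higher phase means the attack got further."""
    alerts = detect_port_scans(firewall_lines) + detect_beacons(proxy_lines)
    return sorted(alerts, key=lambda a: a["phase"])


if __name__ == "__main__":
    for alert in kill_chain_report(FIREWALL_LOGS, PROXY_LOGS):
        print(alert)
```

The thresholds (8 distinct ports in 60 seconds, 5 connections with under 10% timing jitter) are deliberately loose for the constructed sample; on real traffic they would be tuned against baseline data, and a legitimate updater that polls on a fixed schedule will also look like a beacon, which is why the phase tag is a triage aid rather than a verdict.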

Is Cyber Kill Chain Outdated?

Cyber attack tactics are constantly changing with time, and sometimes this model does not show how an attack took place. There are more reasons why researchers think it is outdated; for example, the Cyber Kill Chain does not provide any information about insider threats.

To tackle this problem, MITRE combined its ATT&CK framework with the CKC framework to make the Unified Kill Chain (UKC), which solves most of the problems with the Cyber Kill Chain. The UKC can be used in exactly the same way as the Cyber Kill Chain to work through cyber attacks.
