The main question behind all cyberattacks, regardless of their scope and size, is always the same: how did the hacker target and attack the organization? Lockheed Martin, an American aerospace company focusing on defense, security, and technology, has tried to address this ongoing query through the creation of a “Cyber Kill Chain”—an approach that essentially breaks down each stage of a malware attack so its method, mode, and overall success rate can be identified—and most importantly, stopped before it can cause harm. Not only does this help businesses stay on top of current threats, but it also allows them some degree of transparency about how modern attack strategies are changing to meet the demands (and obstacles) of the new digital landscape.
In brief, the Kill Chain is a military-inspired tool that intellectualizes and brings to life the methods a cyber attacker uses when targeting a business or organization via intrusion-based malware attacks. It has seven phases in all, which illustrate the various stages a hacker might use while orchestrating a hit. As an organizational tool, this insight provides solid footing for targeted organizations by simplifying the journey of an attack and how the attacker plans to sneak away undetected with your sensitive data.
Additionally, the Cyber Kill Chain provides us with a preliminary point of comprehension for challenges around data security and forces us to remember the importance of securing data and its direct relationship with the General Data Protection Regulation (GDPR).
The Cyber Kill Chain presents us with a structured list of the stages of a cyber attack—from the planning and building, all the way to the attacker’s eventual goal. This comprehensive aerial view of the Cyber Kill Chain can open our eyes to the common stratagems of a hacker while emphasizing the importance of not viewing an attack as an incident—but rather as a continuum that will never disappear, only change in sophistication. Here are the seven phases:
- Phase 1—Investigation
Before an attack, a black hat sets aside time (and lots of it) to investigate your environment in search of vulnerabilities. Hackers may gather personal data such as email addresses, names, and dates of birth—anything that assists them in penetrating your environment and infiltrating your network.
- Phase 2—Weaponization
Once an attacker has established how they might realistically access your environment, they will select a tool which allows them to do it with stealth and a high degree of potential success. It’s likely their malicious files will be adapted to target a specific vulnerability.
- Phase 3—Execution
The attackers strike! This might be via email, web links, USB drives, or programs such as backdoors and Trojans.
- Phase 4—Exploitation
The hack is in motion. The attacker will now be exploiting your security-based vulnerabilities and will have infiltrated your environment with their scripted code.
- Phase 5—Installation
The attacker has broken through your security-based boundaries, and the malicious files are penetrating your systems and beginning the installation of malware.
- Phase 6—Domination
The victim has lost control. The attacker has installed the malware, and they are now dominating your systems and software.
- Phase 7—Destruction
Completion of the seven phases means that the attacker’s goal has been accomplished.
Of course, objectives will vary by individual, but destruction may manifest through the stealing of payment histories, bank details, login data, or account information. Hackers may immobilize data to ransom it back to you—known as cryptolocker attacks.
Research has found that over recent years the Cyber Kill Chain has been modified by attackers to the extent of consolidating phases one to five into a single action, consequently quickening the process of locating a vulnerability and subsequently launching an attack. Researchers report that this modified version was applied in 88% of attack cases between April 2017 and June 2018.
Attack prevention measures should exist within your organization. It’s true that no single product solution can provide security through every phase of the Cyber Kill Chain, but we can build efficient defense strategies by reinforcing security as a strategy—not as a product. An effective stratagem will serve to limit your pre-attack vulnerabilities, ensure resilience during an attack, and help your organization remain robust, should you fall victim to a hacker.
When planning and implementing internal systems and processes, any successful business will have the realities of the Cyber Kill Chain driving its decisions. Having a multifaceted approach to security will provide the best chance of killing the attack while in its initial phases—and it’s also much more cost effective to close an infected connection than to sterilize a compromised network.
While the fight against hackers can often feel unwinnable, the Cyber Kill Chain offers us a foundation on which to focus our defense strategies and an encouraging reminder that all seven phases of the Cyber Kill Chain must be accomplished by the hacker to win. We have opportunities to intercept at any point to stop an attempted attack in its tracks and to steal the victory.
Every day, cyberattacks are reaching greater heights of sophistication. Instead of feeling threatened by the growing intelligence of hackers and their meticulous attention to detail, we should have an appreciation for what the Cyber Kill Chain represents—an opportunity to halt the cyber attack—to reach it at its earliest phase—and to kill it before it reaches its next.
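As an added illustration of intercepting at any phase (not part of the original article), the sketch below groups constructed sample alerts by host, using the seven phase names from this page, and reports how far each intrusion got, where it was stopped, and which earlier phases produced no alert. The host names, the alert tuples and the `summarize` function are assumptions made for the example.

```python
from collections import defaultdict

# The seven phases, in the order this page lists them.
PHASES = ["Investigation", "Weaponization", "Execution", "Exploitation",
          "Installation", "Domination", "Destruction"]

# Constructed sample alerts: (host, phase, what the control did).
ALERTS = [
    ("web01", "Investigation", "detected"),
    ("web01", "Execution", "blocked"),
    ("hr-laptop7", "Execution", "detected"),
    ("hr-laptop7", "Exploitation", "detected"),
    ("hr-laptop7", "Installation", "blocked"),
    ("db02", "Domination", "detected"),
]


def summarize(alerts):
    """Per host: furthest phase seen, phase where the chain was broken
    (None if nothing was blocked), and earlier phases with no alert."""
    by_host = defaultdict(dict)
    for host, phase, action in alerts:
        idx = PHASES.index(phase)  # raises ValueError on an unknown phase
        # A block outranks a mere detection for the same phase.
        if by_host[host].get(idx) != "blocked":
            by_host[host][idx] = action

    report = {}
    for host, seen in by_host.items():
        furthest = max(seen)
        blocked = [i for i, action in seen.items() if action == "blocked"]
        report[host] = {
            "furthest": PHASES[furthest],
            "broken_at": PHASES[min(blocked)] if blocked else None,
            # Phases the attack must have passed through without any alert.
            "blind_spots": [PHASES[i] for i in range(furthest) if i not in seen],
        }
    return report


if __name__ == "__main__":
    for host, row in summarize(ALERTS).items():
        print(host, row)
```

The `db02` row is the one to act on: the first alert arrives at Domination, nothing was blocked, and every earlier phase is a blind spot.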