Lockheed Martin's Cyber Kill Chain defines the steps attackers use in today's cyber attacks.
We have shared the seven stages below.
You can also download the PDF copy by going to our LinkedIn page.
- 1st stage: RECONNAISSANCE
The attacker will be looking for information systems with few protections or exploitable weaknesses. This can be done by active (e.g. port scanning) or passive (e.g. search engines) information gathering.
- 2nd stage: WEAPONISATION
The attacker creates or uses a toolkit that can take advantage of the weaknesses found during reconnaissance. The toolkit does not only target the weakness; it also ensures that the attacker has admin privileges to take further actions on the information system.
- 3rd stage: DELIVERY
The attacker delivers the weaponised bundle, usually via spear phishing. The spear phishing email will most likely contain a legitimate-looking attachment with code that, when executed, gives the attacker a foothold on the organisational information system.
- 4th stage: EXPLOITATION
- 5th stage: INSTALLATION
The malware is installed on the targeted information system. It will also begin to download additional software if network access is available. This helps the attacker gain better control of the system.
- 6th stage: COMMAND AND CONTROL (C&C)
The attacker has created a channel to control the information system remotely. This allows the attacker to move deeper into the network, exfiltrate data and conduct destruction or denial of service operations.
- 7th stage: ACTIONS ON OBJECTIVES
Depending on their motive, the attacker can steal confidential information, disrupt the service so that it becomes unavailable, or even pursue financial gain.
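One way a defender can put the seven stages to work is to tag each alert with its stage and check, per host, how deep the activity got and which earlier stages raised no alert. This is an added example, not part of the original page or of Lockheed Martin's material; the alert names, host names and the alert-to-stage mapping are assumptions, and the sample alerts are constructed.

```python
from collections import defaultdict

# The seven stages, in the order the page lists them.
STAGES = ["RECONNAISSANCE", "WEAPONISATION", "DELIVERY", "EXPLOITATION",
          "INSTALLATION", "COMMAND AND CONTROL", "ACTIONS ON OBJECTIVES"]

# Assumed mapping of hypothetical alert names to stages. Nothing maps to
# WEAPONISATION: the toolkit is prepared on the attacker's side, so the
# defender has no telemetry for it.
ALERT_STAGE = {
    "port_scan": "RECONNAISSANCE",
    "phishing_attachment": "DELIVERY",
    "attachment_code_executed": "EXPLOITATION",
    "malware_installed": "INSTALLATION",
    "additional_software_download": "INSTALLATION",
    "remote_control_channel": "COMMAND AND CONTROL",
    "bulk_data_upload": "ACTIONS ON OBJECTIVES",
}
OBSERVABLE = set(ALERT_STAGE.values())

# Constructed sample alerts: (time, host, alert type).
SAMPLE_ALERTS = [
    ("09:02", "ws-14", "phishing_attachment"),
    ("09:05", "ws-14", "attachment_code_executed"),
    ("09:06", "ws-14", "additional_software_download"),
    ("09:20", "ws-14", "remote_control_channel"),
    ("10:11", "srv-02", "port_scan"),
    ("10:40", "srv-02", "remote_control_channel"),
    ("11:00", "ws-20", "phishing_attachment"),
    ("11:30", "ws-20", "disk_full"),  # unmapped: ignored, not guessed
]

def kill_chain_report(alerts):
    """Per host: stages seen, the deepest stage reached, and earlier
    observable stages that produced no alert (detection gaps)."""
    seen = defaultdict(set)
    for _time, host, alert_type in alerts:
        stage = ALERT_STAGE.get(alert_type)
        if stage is not None:
            seen[host].add(stage)
    report = {}
    for host, stages in seen.items():
        deepest = max(STAGES.index(s) for s in stages)
        gaps = [s for s in STAGES[:deepest]
                if s in OBSERVABLE and s not in stages]
        report[host] = {"seen": [s for s in STAGES if s in stages],
                        "deepest": STAGES[deepest], "gaps": gaps}
    return report

if __name__ == "__main__":
    for host, row in sorted(kill_chain_report(SAMPLE_ALERTS).items()):
        print(host, row["deepest"], "gaps:", row["gaps"] or "none")
```

A host such as srv-02, where a remote control channel appears with no delivery, exploitation or installation alert before it, points to missing detection coverage at those stages rather than to a skipped stage.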
Disclaimer: Following the Human Firewall tips is at your own discretion. Any action you take upon the information on this page is strictly at your own risk.