Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

The cyber kill chain and its value to security

Francis Teo, South-East Asia Regional Director, Hillstone Networks | Feb. 19, 2016
Francis Teo of Hillstone Networks talks about the seven steps of the cyber kill chain, and its value to security.

This vendor-written piece has been edited by Executive Networks Media to eliminate product promotion, but readers should note it will likely favour the submitter's approach.

The phrase "kill chain" was first used by the US Air Force as the command and control process for targeting and destroying enemy forces.

In the cyber security world, the Cyber Kill Chain is a seven-stage model that illustrates how cyber criminals get to their victims. Not all of these steps are used all the time, but very often, this is what happens during attacks.

The kill chain illustrates from start to finish, not only the techniques used, but why they are used. By understanding the 7 steps of the cyber kill chain, organisations can gain an insight into how and why attacks are made, and ultimately, how they can be stopped.

To summarise, Cyber Kill Chain entails the following:

  • Reconnaissance: In this step, the attacker gathers information on its target before commencement of the actual attack. He does it by looking for publicly available information on the Internet.
  • Weaponisation: Next, the attacker leverages an exploit and creates a malicious payload which is sent to the victim. This happens on the attacker side, without him or her making contact with the victim.
  • Delivery: The attacker then sends the malicious payload to the victim by email or other means. This illustrates one of many intrusion methods the attacker can use.
  • Exploitation: This is where the actual execution of the exploit takes place. This step is only relevant when the attacker uses an exploit.
  • Installation: The installation of malware on the infected computer takes place only if the attacker chooses to use malware as part of the attack. Even when malware is involved, this step is an elaborate attack process which can take months to operate.
  • Command and control. The attacker creates a command and control channel so that he or she can continue operating internal assets remotely. This step is relevant throughout the attack, not only when malware is installed.
  • Monetisation: Lastly, the attacker performs the steps needed to achieve his actual goals inside the victim's network. This is the elaborate active attack process that can take months, and thousands of small steps, in order to achieve.


1  2  Next Page 

Sign up for CIO Asia eNewsletters.