
Cyber Kill Chain

The document discusses the cyber kill chain model which contains 7 stages of a cyber attack: reconnaissance, weaponization, delivery, exploitation, installation, command and control, and actions on objectives. Understanding each stage helps defenders detect attacks earlier and implement measures to stop attacks from progressing.

Uploaded by

minojnext

Cyber kill chain

Facing threats from attackers is a never-ending process. In this digital era, cybersecurity
plays a crucial role in protecting assets. To analyze attack patterns and determine
an attacker's tactics, we need one common method of analysis. The cyber kill chain is a
structured model that contains 7 sequential stages, and each stage describes part of the
attacker's attack pattern.

By using the cyber kill chain, we can easily determine which stage an attack has reached. The
seven stages are reconnaissance, weaponization, delivery, exploitation, installation,
command and control, and actions on objectives. Each stage is discussed later in this
article.

The term "kill chain" is taken from a military model that originated as a way to identify a
target and prepare the attack to destroy it. Cybersecurity professionals adopted this model
to assess attacker tactics and help decrease the attack vector. Understanding each
stage and incorporating it into the defence helps in decreasing the
attack vector.

The Stages of the Cyber Kill Chain:

1. Reconnaissance:
This is the initial stage, in which the attacker gathers information about the target. The
attacker uses various methods to do this, such as collecting publicly available
information, social engineering, and scanning the target with tools. From this,
attackers learn the network architecture and the common vulnerabilities associated
with the infrastructure installed in our environment. This
information helps them create a weapon for delivery.

2. Weaponization:
Based on the information acquired in the previous stage, the attacker now creates
a weapon for delivery. In order to exploit the identified vulnerabilities, the attacker starts
developing malware, crafting phishing mails, or using third-party tools as weapons.
These are used to exploit the known vulnerabilities found during
reconnaissance.

3. Delivery:
The weapons or payloads that the attacker crafted in the previous stage are
delivered in this stage. Many delivery mechanisms are involved. These
include phishing mails, adware, website redirects, compromised websites, third-party
extensions and so on. Payloads are also delivered by using social engineering
techniques.

4. Exploitation:
Once the payload is delivered successfully, the attacker waits to exploit the
vulnerabilities. If the victim clicks on a phishing email and installs malware, the
attacker can create a backdoor and execute whatever they can! The attacker can
change configurations and permissions, and download other malware that supports
the attack.

5. Installation:
Once the attacker has changed permissions, he/she starts downloading the required
.exe files, malware and malicious extensions that escalate the attack vector. Deleting
logs and suppressing the alerting feature take place in this stage. Installing these
malware files helps the attacker gain command and control over the victim
machine.

6. Command and Control (C2):
With the help of the additional installed malware, the attacker now starts creating a
backdoor on the victim machine. This backdoor helps them control the victim
machine remotely with malicious commands. Through the remote server, the attacker
now executes malicious payloads, creates pop-ups and redirections, and exfiltrates
the sensitive data.

7. Actions on Objectives:
This is the last stage, where the attacker acts on his/her motives. Those actions
could be anything, such as exfiltrating sensitive data, dumping databases,
creating/destroying accounts, changing passwords, copying secret information, or
encrypting all the data and demanding a ransom.

How cyber kill chain helps:

● By understanding the cyber kill chain, we can detect the attack at an earlier stage
and can implement proactive measures to suppress the attack.
● We can understand the attacker's tactics, which are the intentions of the attacker, and
so we can take informed steps against the attacker's movements.
● We can detect when an attacker moves at the initial stages, so that incident response
becomes stronger.
● We can design a perfect mitigation plan for the attack, so that the attacker cannot
escalate from one stage to another.
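
As an added example (not part of the original document), the Python sketch below places alerts on the seven stages and reports, per host, the stage at which the attack was first detected and the furthest stage it has reached. The alert categories, host names, sample alerts and the category-to-stage mapping are all assumptions constructed for illustration.

```python
from collections import defaultdict

# The seven stages, in the order the article lists them.
STAGES = ["reconnaissance", "weaponization", "delivery", "exploitation",
          "installation", "command and control", "actions on objectives"]

# Hypothetical alert categories mapped to stages (an assumption, not a standard).
# Weaponization happens on the attacker's side, so no alert maps to it.
ALERT_STAGE = {
    "port_scan": "reconnaissance",
    "phishing_email": "delivery",
    "malicious_attachment_opened": "exploitation",
    "new_executable_dropped": "installation",
    "log_cleared": "installation",
    "beacon_to_remote_server": "command and control",
    "bulk_data_upload": "actions on objectives",
}

# Constructed sample alerts: (ISO timestamp, host, category).
ALERTS = [
    ("2024-01-10T09:00:00", "ws-01", "port_scan"),
    ("2024-01-10T09:30:00", "ws-01", "phishing_email"),
    ("2024-01-10T09:35:00", "ws-01", "malicious_attachment_opened"),
    ("2024-01-10T09:36:00", "ws-01", "new_executable_dropped"),
    ("2024-01-10T09:40:00", "ws-01", "beacon_to_remote_server"),
    ("2024-01-10T11:00:00", "ws-02", "beacon_to_remote_server"),
    ("2024-01-10T11:05:00", "ws-02", "disk_full"),  # unmapped, ignored
    ("2024-01-10T11:20:00", "ws-02", "bulk_data_upload"),
]

def assess(alerts):
    """Return {host: {first_detected, furthest, unobserved_earlier}}."""
    seen = defaultdict(dict)  # host -> stage -> first timestamp seen
    for ts, host, category in sorted(alerts):
        stage = ALERT_STAGE.get(category)
        if stage is not None:
            seen[host].setdefault(stage, ts)
    report = {}
    for host, stages in seen.items():
        idx = [STAGES.index(s) for s in stages]
        report[host] = {
            "first_detected": STAGES[min(idx)],
            "furthest": STAGES[max(idx)],
            # Earlier stages with no alert: places where detection was missed.
            "unobserved_earlier": [s for s in STAGES[:max(idx)] if s not in stages],
        }
    return report

if __name__ == "__main__":
    for host, info in sorted(assess(ALERTS).items()):
        print(host, info)
```

A host whose first detection is already at command and control, like ws-02 here, is the case the list above warns about: every earlier stage passed without an alert.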

Conclusion:
Security is not achieved just by installing security measures. We need to monitor continuously
and make informed decisions about the attack. Understanding how hackers work is a big step
in staying safe. By knowing their tricks and being prepared, we can protect ourselves and
others from cyber attacks. Remember to stay alert, keep your devices updated, change
passwords frequently and use only strong passwords, report phishing mails and don't fall for
the bad guy's tricks. On the defence side, the cyber kill chain helps organisations defeat the
attacker by knowing the status of the attack. So, implement the cyber kill chain framework
in your organisation to decrease the attack vector.
