The Cyber Kill Chain, introduced by Lockheed Martin, is a cybersecurity model that describes, in general terms, how a computer intrusion (hacking) across an IT network is carried out, in 7 distinct stages. It was developed from a military model of attack.
There is, however, no common SOP for cyber-attacks, and attackers do not necessarily follow the Cyber Kill Chain in planning and carrying out their attacks.
The model is nevertheless useful for planning cyber-defense strategies and measures, and for cyber-threat analysis of a networked computer system.
The 7 stages of the Cyber Kill Chain are:
- Reconnaissance - the attacker observes, analyzes and studies the victim.
- Weaponization - tools are developed or obtained to exploit the weaknesses found in the victim.
- Delivery - the "weapon" is delivered to the targeted victim.
- Exploitation - once the "weapon" has been successfully delivered, it starts working by looking for vulnerabilities in the victim's computer system to exploit.
- Installation - at this stage, the "weapon" silently obtains access and finds its way to communicate with the attacker over the computer network. Normally, a backdoor is established to provide this link.
- Command and Control - remote access to the victim's computer system is made available to the attacker, who can take control of the compromised system and issue commands to it.
- Actions on Objectives - with that control, the attacker can proceed with the objectives of the attack, such as data exfiltration, data destruction, data encryption for ransom, etc.
With reference to this model, the defending party can plan to counter the attack using the well-known 4 Fs strategy, namely:
- Find the enemy
- Fix the enemy
- Fight the enemy
- Finish the enemy
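To show how the seven stages are used for defensive planning and threat analysis (the point made above: the model is a planning tool for the defender), here is an added example in Python. It is not Lockheed Martin's material or any code from the original text. It assumes a small, constructed inventory of defensive controls, each tagged with the stage it acts on and with a made-up effect label ("detect", "deny", "disrupt"), and a constructed list of incident observations mapped to stages by an analyst. From these it reports which stages have no control at all, which stages the defender could not even observe (no way to "find the enemy" there), how far along the chain a given intrusion got, and which earlier stages it passed through without leaving any evidence, which points at visibility gaps.

```python
from dataclasses import dataclass
from enum import IntEnum


class Stage(IntEnum):
    """The seven Cyber Kill Chain stages, in the order the model gives them."""
    RECONNAISSANCE = 1
    WEAPONIZATION = 2
    DELIVERY = 3
    EXPLOITATION = 4
    INSTALLATION = 5
    COMMAND_AND_CONTROL = 6
    ACTIONS_ON_OBJECTIVES = 7


@dataclass(frozen=True)
class Control:
    """A defensive control mapped to the stage it acts on.

    `effect` is a constructed label for what the control does at that stage:
    "detect" tells the defender the stage happened; "deny" or "disrupt"
    stop or degrade it.
    """
    name: str
    stage: Stage
    effect: str


# Constructed inventory for this example; names and stage mappings are illustrative.
CONTROLS = [
    Control("public web server log review", Stage.RECONNAISSANCE, "detect"),
    Control("mail gateway attachment filtering", Stage.DELIVERY, "deny"),
    Control("timely endpoint patching", Stage.EXPLOITATION, "deny"),
    Control("application allow-listing", Stage.INSTALLATION, "deny"),
    Control("egress proxy with domain blocking", Stage.COMMAND_AND_CONTROL, "disrupt"),
    Control("DNS query logging", Stage.COMMAND_AND_CONTROL, "detect"),
]


def coverage_gaps(controls):
    """Stages that no control at all addresses, in kill-chain order."""
    covered = {c.stage for c in controls}
    return [s for s in Stage if s not in covered]


def detection_gaps(controls):
    """Stages with no "detect" control, i.e. where the defender has no way
    to find the enemy even if the other controls fail."""
    detected = {c.stage for c in controls if c.effect == "detect"}
    return [s for s in Stage if s not in detected]


@dataclass(frozen=True)
class Observation:
    """One piece of incident evidence, mapped to a stage by the analyst."""
    when: str
    stage: Stage
    detail: str


# Constructed incident evidence; times and details are made up for this example.
OBSERVED = [
    Observation("day 1 09:12", Stage.DELIVERY, "phishing mail with attachment received"),
    Observation("day 1 09:40", Stage.COMMAND_AND_CONTROL, "periodic beacon to unknown domain"),
    Observation("day 3 02:15", Stage.ACTIONS_ON_OBJECTIVES, "bulk outbound transfer from file server"),
]


def furthest_stage(observations):
    """How far along the chain the intrusion is known to have progressed."""
    if not observations:
        return None
    return max(o.stage for o in observations)


def unobserved_prior_stages(observations):
    """Stages before the furthest one reached that left no evidence.

    Under the model's assumption that the stages happen in order, an intrusion
    seen at stage N passed through stages 1..N-1; any of those with no
    observation is a blind spot in the defender's visibility. (As the text
    notes, real attackers need not follow the chain, so treat this as a
    prompt for investigation rather than proof.)
    """
    furthest = furthest_stage(observations)
    if furthest is None:
        return []
    seen = {o.stage for o in observations}
    return [s for s in Stage if s < furthest and s not in seen]


if __name__ == "__main__":
    print("Stages with no control:", [s.name for s in coverage_gaps(CONTROLS)])
    print("Stages with no detection:", [s.name for s in detection_gaps(CONTROLS)])
    print("Intrusion reached:", furthest_stage(OBSERVED).name)
    print("Stages passed without evidence:",
          [s.name for s in unobserved_prior_stages(OBSERVED)])
```

With the constructed inventory, the coverage check reports Weaponization and Actions on Objectives as having no control, which is the defender's cue to add something there (Weaponization happens on the attacker's side and is rarely controllable, so the useful finding is the missing control on Actions on Objectives); the incident analysis shows the intrusion reached the final stage while Reconnaissance, Weaponization, Exploitation and Installation left no evidence at all, which matches the detection gaps and tells the defender where logging is missing.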