March 1, 2017
The philosopher, Sun Tzu, states in The Art of War, “If you know the enemy and know yourself, you need not fear the result of a hundred battles.” This ancient truth is perfectly applicable to the modern struggle between data security professionals and the hacking industry. To properly protect our environments, we must understand our own security methods, but at the same time, we must have the same level of familiarity with how these attacks are carried out.
Developed by Lockheed Martin, an American aerospace defense, security, and technology company, the “Cyber Kill Chain” is an excellent tool for conceptualizing how a hacker can strike a business. Though not every attack may adhere to all of these steps, the Cyber Kill Chain provides a good starting point for understanding the challenges of data security.
The Cyber Kill Chain
The Cyber Kill Chain is an ordered list of the phases of a cyber attack. Starting at the very earliest stages of planning and stretching all the way to the attack’s ultimate conclusion, the Cyber Kill Chain gives a bird’s eye view of the hacking strategy.
Step 1 — Reconnaissance:
Long before the attack is actually launched, hackers perform some reconnaissance of your environment to probe for weak points. They gather email addresses, learn names, and get as clear of a picture as possible of your environment. This is all in an effort to locate a backdoor into the network.
Step 2 — Weaponization:
Once they understand how to get into your environment, they still need the tools to do it. In Step 2, the hackers modify their malicious file to take advantage of the vulnerability identified in Step 1.
Step 3 — Delivery:
Finally, the hackers are ready to strike. Whether through a USB drive, an email, or a web link, the hackers deliver their payload.
Step 4 — Exploitation:
In Step 4, the hack is underway. By exploiting weaknesses in your security, the hackers can execute their scripted code onto your environment.
Step 5 — Installation:
Now comfortably beyond your security systems, the malicious file can begin installing malware onto your environment.
Step 6 — Command and Control:
The file is in, the malware is installed, and the hacker can take full control of your system and do with it as they please.
Step 7 — Actions on Objectives:
Only after all of these steps have been completed can the hackers finally seize their objective. The objective, of course, will vary from attack to attack. The hackers could be after payment histories, login data, account information, or other sensitive data. Alternatively, they could freeze your data and ransom it back to you. These are called cryptolocker attacks.
Counterattacking the Cyber Kill Chain
Rather than be intimidated by the sophistication and thoroughness of a cyber attack, we should instead recognize what this chain represents. Each step in the Cyber Kill Chain is an opportunity to stop the attack in its tracks. For that reason, it is important to think about cyber attacks not as an incident but as a continuum.
A security strategy should not only focus on Step 3: Delivery. As seen above, the attack probably began long before and will continue long after the malicious file is actually delivered. Your security strategy must begin before the attack, be strong during the attack, and stay strong after the attack is complete.
A firewall cannot provide security through every step of the Cyber Kill Chain—no single product can. By remembering that security is a strategy and not a product, you’ll be on your way to building an effective defensive strategy.
Like what you read?
Mindsight, a Chicago IT services provider, is an extension of your team. Our culture is built on transparency and trust, and our team is made up of extraordinary people – the kinds of people you would hire. We have one of the largest expert-level engineering teams delivering the full spectrum of IT services and solutions, from cloud to infrastructure, collaboration to contact center. Our highly-certified engineers and process-oriented excellence have certainly been key to our success. But what really sets us apart is our straightforward and honest approach to every conversation, whether it is for an emerging business or global enterprise. Our customers rely on our thought leadership, responsiveness, and dedication to solving their toughest technology challenges.