The cyber kill chain (Models & Methodologies)

With the various merits being provided by the internet, most of the services are being offered online, such as banking. However, these benefits are accompanied with cyber threats. Furthermore, cyber threats nowadays are not like past ones. As most attack nowadays targets a specific organisation or companies by establishing goal-oriented attacks. Even though money is spent on preventing such attacks, the number of cyberattacks, and the damage it causes is increasing. As most of these attacks are advanced, therefore, new techniques have been adopted, such as the cyber kill chain model. The cyber kill chain as a firewall to explain advanced attacks such as advanced persistent threats (APTs) (Kim et al., 2018).

Author's work

The cyber kill chain is used to improve security by analysing the attack stages; the model is designed so defenders could interrupt the attack at every stage of it. Furthermore, as the old saying says“Defenders need to defend against everything while attackers only need to exploit one weakness.” thus, the cyber kill chain helps organisations and companies create more secure environments by analysing the seven stages of an attack (CyCraft Classroom: MITRE ATT&CK vs. Cyber Kill Chain vs. Diamond Model, 2020).

1- Reconnaissance: in this stage, the hacker starts to collect data and determine its target that could be corporations, social media account, and so on (Zhou et al., 2018).

2- Weaponisation: in this stage, the hacker creates a way to exploit the system's vulnerabilities based on the data collected from the reconnaissance stage. This could happen by using exploits tools or social engineering techniques (CyCraft Classroom: MITRE ATT&CK vs. Cyber Kill Chain vs. Diamond Model, 2020). 

3- Delivery: in this stage, the hacker carries on with the weaponisation stage and deliver the attack. This could happen by using an infected email attachment or phishing technique, and so on (Zhou et al., 2018).

4- Exploitation: in this stage, the hacker has already delivered its weapon and ready to execute the attack. Normally the system's vulnerabilities on this stage are exploited (Zhou et al., 2018).

5- Installation: in this stage, the attacker has access to the system, so trojan is installed or backdoors to give the attacker better access to the target's system (Zhou et al., 2018).

6- Command & Control (C2): in this stage, the attacker sets an attack path to establishing the cyberattack. As cyberattacks normally involve human interaction (hacker) rather than being fully automated (Zhou et al., 2018).

7- Actions on Objectives: in this stage, the attackers have already achieved their goals. Collecting sensitive data, damaging the system, and so on (Zhou et al., 2018).

References:

• Kim, H., Kwon, H. and Kim, K., 2018. Modified cyber kill chain model for multimedia service environments. Multimedia Tools and Applications, [online] 78(3), pp.3153-3170. Available at: <https://search-proquest-com.proxy.library.dmu.ac.uk/docview/2022765173?pq-origsite=summon> [Accessed 6 December 2020].
• Medium. 2020. Cycraft Classroom: MITRE ATT&CK Vs. Cyber Kill Chain Vs. Diamond Model. [online] Available at: <https://medium.com/cycraft/cycraft-classroom-mitre-att-ck-vs-cyber-kill-chain-vs-diamond-model-1cc8fa49a20f> [Accessed 6 December 2020].
• Zhou, X., Xu, Z., Wang, L., Chen, K., Chen, C., and Zhang, W., 2018. Kill Chain For Industrial Control System. [ebook] Beijing: EDP Sciences. Available at: <https://www.matec-conferences.org/articles/matecconf/pdf/2018/32/matecconf_smima2018_01013.pdf> [Accessed 6 December 2020].