Kill chain

A kill chain is a conceptual model that describes the successive stages of a cyber attack, from planning to achieving malicious objectives.

This concept, borrowed from the military, was adapted to cyber security by Lockheed Martin in 2011. The approach enables defenders to understand, anticipate and disrupt attacks by identifying possible breaking points at each phase.



🎯 Objective


The main aims of the kill chain are to:

  • Understand the different phases of an attack: it allows you to view and analyse the actions taken by an attacker.
  • Identify areas of weakness: by understanding the steps involved, it is possible to detect vulnerabilities and strengthen defences.
  • Interrupt the attack: by detecting the attack at an early stage, it is possible to stop it before it causes any major damage.



The 7 stages of the cyber kill chain


  1. Reconnaissance: gathering information about the target (networks, employees, vulnerabilities).
  2. Weaponization: creation of an attack vector (e.g. malware embedded in a document).
  3. Delivery: transmission of the vector (e-mail, USB, compromised website).
  4. Exploitation: a vulnerability is triggered to execute malicious code.
  5. Installation: implementation of persistent access (e.g. a backdoor).
  6. Command and control (C2): establishes a connection with the attacker's server.
  7. Actions on objectives: data exfiltration, sabotage, ransomware, etc.
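The defensive use of the model described above (viewing an attacker's actions stage by stage, and finding the earliest point where the chain can be broken) can be made concrete with a small script. The following is an added example, not part of the original glossary entry: it maps constructed detection events onto the seven stages and reports the first stage that was observable, the first stage at which a control actually blocked the attacker, and the stages between them where no telemetry existed. The rule names, hostnames and timestamps are all constructed, and the rule-to-stage mapping is an assumption a real deployment would replace with its own rule metadata.

```python
"""Added example (not from the original page): map constructed alert events onto
the seven Lockheed Martin kill-chain stages and report where the chain was visible
and where it was broken. All events, rule names and hosts are constructed."""
from dataclasses import dataclass
from datetime import datetime

# The seven stages, in kill-chain order, as listed on the page.
STAGES = [
    "Reconnaissance", "Weaponization", "Delivery", "Exploitation",
    "Installation", "Command and Control", "Actions on Objectives",
]

# Assumed mapping from a detection rule name to the stage it evidences.
# Weaponization is deliberately absent: it happens on the attacker's side
# and normally produces no defender-side telemetry.
RULE_TO_STAGE = {
    "web_scanner_ua": "Reconnaissance",
    "phishing_attachment": "Delivery",
    "office_spawns_powershell": "Exploitation",
    "new_run_key": "Installation",
    "beacon_periodicity": "Command and Control",
    "bulk_outbound_transfer": "Actions on Objectives",
}


@dataclass
class Event:
    ts: datetime
    host: str
    rule: str
    blocked: bool  # True if the control prevented the action rather than only logging it


def stage_of(event):
    """Return the kill-chain stage a rule evidences, or None if the rule is unmapped."""
    return RULE_TO_STAGE.get(event.rule)


def chain_timeline(events):
    """Group events by stage and return (stage, events) pairs in kill-chain order.
    Events from unmapped rules are ignored."""
    seen = {}
    for ev in sorted(events, key=lambda e: e.ts):
        stage = stage_of(ev)
        if stage is not None:
            seen.setdefault(stage, []).append(ev)
    return [(s, seen[s]) for s in STAGES if s in seen]


def first_observable_stage(events):
    """Earliest stage for which any detection fired, or None."""
    timeline = chain_timeline(events)
    return timeline[0][0] if timeline else None


def first_break_point(events):
    """Earliest stage at which a control blocked the attacker: the 'breaking point'."""
    for stage, evs in chain_timeline(events):
        if any(ev.blocked for ev in evs):
            return stage
    return None


def silent_stages(events):
    """Stages between the first and last observed stage with no evidence at all,
    i.e. where the defender had no visibility while the attack was in progress."""
    observed = [s for s, _ in chain_timeline(events)]
    if not observed:
        return list(STAGES)
    lo, hi = STAGES.index(observed[0]), STAGES.index(observed[-1])
    return [s for s in STAGES[lo:hi + 1] if s not in observed]


# Constructed incident: a phishing e-mail leads to a persistent implant whose
# beacon is finally denied by the egress proxy. No exfiltration is observed.
SAMPLE_EVENTS = [
    Event(datetime(2024, 1, 15, 9, 2), "www-edge-1", "web_scanner_ua", False),
    Event(datetime(2024, 1, 15, 9, 40), "mail-gw", "phishing_attachment", False),
    Event(datetime(2024, 1, 15, 9, 45), "ws-042", "office_spawns_powershell", False),
    Event(datetime(2024, 1, 15, 9, 46), "ws-042", "new_run_key", False),
    Event(datetime(2024, 1, 15, 9, 47), "ws-042", "av_heartbeat", False),  # unmapped, ignored
    Event(datetime(2024, 1, 15, 9, 50), "egress-proxy", "beacon_periodicity", True),
]


def summarize(events=SAMPLE_EVENTS):
    """Defender-oriented summary of where the chain was visible and where it broke."""
    return {
        "first_observable": first_observable_stage(events),
        "break_point": first_break_point(events),
        "silent": silent_stages(events),
        "stages_observed": [s for s, _ in chain_timeline(events)],
    }


if __name__ == "__main__":
    for key, value in summarize().items():
        print(f"{key}: {value}")
```

In the constructed incident the chain was observable from Reconnaissance onward but only broken at Command and Control, four stages later; the "silent" list shows Weaponization, which is expected, but in a real review any other stage appearing there marks a gap in detection coverage that a control or log source should fill.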



Developments and limits


  • The MITRE ATT&CK framework complements the kill chain by detailing the techniques used by attackers.
  • Modern attacks (APTs, ransomware) can bypass or accelerate certain steps.
  • The kill chain remains an educational and strategic tool, but needs to be combined with other frameworks for a complete defence.