One of the most important knowledge that a cyber security professional would have to know is the Cyber Kill Chain. The Cyber Kill Chain is a seven-stage model that illustrates how cyber criminals get to their victims and target on the system’s vulnerabilities.
7-Stages of Cyber Kill Chain
- Attacker gathers information on the target before launching attack. They usually look for publicly available information on the Internet.
- The attacker uses an exploit and create a malicious payload to send the victim without actual contact with them.
- Attacker sends malicious payload to the victim by email or through other means, which is only one of the numerous intrusion methods the attacker can use.
- The actual exploitation only takes place when the attacker uses an exploit.
- Installing malware on the infected computer is only relevant if the attacker used malware as part of the attack.
- Command and Control
- The attacker creates a command and control channel to continue operating his internal assets remotely.
- Attacker performs these steps to achieve his actual goals inside the victim’s network.
Knowing and understanding the “7 Steps of The Cyber Kill Chain” enable organisations to trace the movements of an attacker and take the necessary security precautions to prevent such attack from happening.
However, over-focus on this area can also be detrimental to network security. A persistent, highly determined and skilled attacker will always find a way into the network. Thus, instead of analysing old malware, organisation should also focus on detecting ongoing attacks before the damage is done.