The 7 stages of cybersecurity, often referred to as the “cybersecurity kill chain”, describe the steps or phases an attacker may go through during a cyber attack to breach a target’s defenses.
Attackers carry out offensive cyberspace operations against their targets by following the steps in the Cyber Kill Chain. This model can assist network defenders in comprehending the phases of a cyberattack and the steps they can take to stop or thwart each one.
The Cyber Kill Chain has seven stages: reconnaissance, weaponization, delivery, exploitation, installation, command and control (C2), and actions on objectives.
1. Reconnaissance
The Cyber Kill Chain’s reconnaissance phase entails learning as much as possible about potential targets before attempting to penetrate them. During the reconnaissance phase, attackers may identify possible targets, find their vulnerabilities, determine which third parties are connected to them (and what data they can access), and explore both existing and new entry points. Both online and offline methods of reconnaissance are possible.
2. Weaponization
The Cyber Kill Chain’s weaponization step begins after reconnaissance, once the attacker has gathered all pertinent data about possible targets, including their vulnerabilities. The weaponization stage is the culmination of the attacker’s planning: the production of malware that will be used against a designated target. Examples of weaponization include turning existing tools into new forms of malware or altering them for use in cyberattacks. For instance, to construct a new Cyber Kill Chain tool, cybercriminals may make minimal changes to an existing ransomware variant.
3. Delivery
Cyberweapons and other Cyber Kill Chain tools are used to break into a target’s network and reach users during the delivery stage. Delivery may involve sending phishing emails with malware attachments and clickbait subject lines to users. Delivery may also involve breaking into a company’s network and infiltrating it using a hardware or software weakness.
4. Exploitation
Exploitation is the phase that follows weaponization and delivery. During the exploitation stage, attackers use the vulnerabilities they identified in earlier phases of the Cyber Kill Chain to penetrate further into a target’s network and accomplish their goals. Cybercriminals frequently move laterally across networks during this process to reach their objectives. Occasionally, exploitation may lead attackers directly to their intended targets if network administrators have not implemented deception techniques.
5. Installation
After successfully exploiting their target’s vulnerabilities to gain access to a network, cybercriminals enter the installation stage of the Cyber Kill Chain: they attempt to install malware and other cyberweapons onto the target network in order to take control of its systems and exfiltrate valuable data. In this step, cybercriminals may install malware and other cyberweapons via Trojan horses, backdoors, or command-line interfaces.
6. Command and Control
In the C2 stage of the Cyber Kill Chain, cybercriminals communicate with the malware they have planted on a target’s network, giving instructions to their cyberweapons or tools so that they can accomplish their goals. For instance, attackers may use C2 servers to command computers to carry out cybercrime objectives, or use communication channels to instruct machines infected with the Mirai botnet malware to flood a website with traffic.
7. Actions on Objectives
After creating cyberweapons, installing them on a target’s network, and seizing control of that network, cybercriminals start the final phase of the Cyber Kill Chain: carrying out the goals of their cyberattack. These goals differ depending on the type of cyberattack, but some examples include weaponizing a botnet to disrupt services with a Distributed Denial of Service (DDoS) attack, disseminating malware to steal sensitive data from a target organization, and using ransomware as a means of cyberextortion.
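
The opening of this article says the model helps network defenders understand the phases of an attack and where each can be stopped. The following is an added example, not part of the original article, that sorts alerts into the seven stages and reports, per host, the furthest stage observed and the earlier stages that produced no alert. The alert names, hosts, timestamps and the alert-to-stage mapping are assumptions constructed for illustration.

```python
from collections import defaultdict

# The seven stages, in the order the article lists them.
STAGES = ["reconnaissance", "weaponization", "delivery", "exploitation",
          "installation", "command and control", "actions on objectives"]

# Hypothetical alert names mapped to stages (an assumption of this example).
# Nothing maps to weaponization: the attacker prepares malware on their own
# systems, so this sketch treats that stage as unobservable to the defender.
ALERT_STAGE = {
    "port_scan": "reconnaissance",
    "phishing_attachment": "delivery",
    "exploit_attempt": "exploitation",
    "new_service_installed": "installation",
    "beacon_to_unknown_host": "command and control",
    "bulk_outbound_transfer": "actions on objectives",
}

# Constructed sample alerts: (timestamp, host, alert name).
ALERTS = [
    ("2024-01-10T07:00", "web-01", "port_scan"),
    ("2024-01-10T07:40", "web-01", "exploit_attempt"),
    ("2024-01-10T08:00", "ws-17", "phishing_attachment"),
    ("2024-01-10T08:05", "ws-17", "exploit_attempt"),
    ("2024-01-10T08:20", "ws-17", "disk_almost_full"),  # not security-relevant
    ("2024-01-10T09:30", "ws-17", "beacon_to_unknown_host"),
    ("2024-01-10T10:00", "db-02", "bulk_outbound_transfer"),
]

def summarize(alerts):
    """Per host: furthest stage observed and earlier stages with no alert."""
    seen = defaultdict(set)
    for _ts, host, name in alerts:
        stage = ALERT_STAGE.get(name)
        if stage is not None:              # ignore alerts outside the model
            seen[host].add(STAGES.index(stage))
    report = {}
    for host, idx in seen.items():
        furthest = max(idx)
        # Earlier stages without any alert are visibility gaps: points where
        # the chain could have been broken but nothing fired.
        gaps = [STAGES[i] for i in range(furthest)
                if i not in idx and STAGES[i] != "weaponization"]
        report[host] = {"furthest": STAGES[furthest], "gaps": gaps}
    return report

if __name__ == "__main__":
    for host, info in sorted(summarize(ALERTS).items()):
        print(host, "reached:", info["furthest"], "| no alerts for:", info["gaps"])
```

A host such as db-02, whose first alert is already at actions on objectives, is the case the model makes visible: every earlier opportunity to interrupt the chain passed without detection.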