Introduction to Lockheed Martin’s Cyber Kill Chain®
1. Introduction to Lockheed Martin’s Cyber Kill Chain®
Sometimes, examining things from a different perspective can give you insights into things you might not have noticed otherwise. In this video, we'll examine Lockheed Martin’s Cyber Kill Chain® framework. This framework will help you understand the anatomy of an attack, so that you can better defend against it. Ready to get started? Lockheed Martin’s Cyber Kill Chain® framework defines the steps of a successful cybersecurity attack. Each attack provides an opportunity for defenders to understand an attacker's mindset, strategy, and goals. Before we discuss the Cyber Kill Chain®, it’s important that you’re aware of advanced persistent threats, or APT. An advanced persistent threat is an adversary that possesses sophisticated levels of expertise, significant resources, and achieves its objectives through multiple attack vectors. APTs are a serious threat to cloud environments. The good news is, the Cyber Kill Chain can be used to identify APT activity, and mitigate it. There are 7 steps in Lockheed Martin’s Cyber Kill Chain® that need to be completed in order for an attacker to successfully complete an attack. As a defender, if you're able to stop an attacker during any step of the chain, you can break it, and stop attackers in their tracks. The 7 steps of the Cyber Kill Chain® are reconnaissance, weaponization, delivery, exploitation, installation, command and control, and actions on objectives. Let’s explore each step in detail. In step 1, reconnaissance, the attacker focuses on gathering information. Before attackers can attack, they need to identify their targets. To do this, they collect as much information about the target as possible. Malicious actors aren't that different from criminals operating in the physical world. Each step of Lockheed Martin’s Cyber Kill Chain® can be compared to a scenario involving a zoo heist. In this example, the members of the zoo heist team have to take certain steps in order to successfully take rare animals from the zoo. Similarly to how a heist team member would identify the best zoo to target, malicious actors plan their attack by performing reconnaissance. This includes gathering information like employee names and job titles, email addresses, and information about the target's infrastructure, like the services or operating systems being used. After successfully performing reconnaissance, the attacker moves to step 2, weaponization. In this step, the attacker prepares their attack by using tools to create a deliverable malicious payload, like malware. Similarly, in the zoo heist example, after the heist team members pick their target zoo, they must prepare for the heist by gathering the tools they need, like gloves and bolt cutters. After an attacker successfully creates their exploits, their next step is delivery. In this step, the attacker officially launches their attack. This might be done by sending a malicious email to the target, or by performing social engineering. For a heist team member, this step is like arriving at the zoo with their tools in hand, ready to break into the zoo's locked doors. After the attacker has delivered their malicious payload, they move on to the next step, exploitation. The goal of this step is for the attacker to gain access to the target. They can do this by exploiting a software vulnerability. For members of the heist group, this step includes successfully breaking the locks of the zoo to gain access. After the attacker has successfully gained access into the target's system, the next step is installation. The goal of this step is for the attacker to maintain access to the target's system without the target knowing. They can do this by installing backdoors into the system. Backdoors allow an attacker to bypass security measures and conceal their access. For the heist team, this step includes creating a secret underground tunnel entrance connecting to the zoo, so they can continue to have access to the zoo and easily transport the stolen animals. After an attacker has successfully ensured persistent access to the target's system, they begin the command and control step. The goal of this step is for the attacker to be able to remotely control the target's system. Common command and control channels an attacker might use include web, DNS, or email protocols. The final step is actions on objectives. This is when attackers achieve their end goal. During this step, they can collect and exfiltrate data, destroy systems, or worse. In the final step of the zoo heist operation, the heist members successfully steal animals from the zoo. In both scenarios, the attacker and the heist team are able to get what they want using the Cyber Kill Chain® framework. Now you can use Lockheed Martin’s Cyber Kill Chain® to anticipate an attack and defend against it. Staying ready means taking as many precautions and steps to prepare as possible.2. Let's practice!
Create Your Free Account
or
By continuing, you accept our Terms of Use, our Privacy Policy and that your data is stored in the USA.