
Secplicity - Security Simplified

Powered by WatchGuard Technologies

A New Take on The Cyber Kill Chain

September 22, 2016 By The Editor

The Cyber Kill Chain

Security professionals use models to map the stages of cybersecurity attacks. The Cyber Kill Chain is a process developed by Lockheed Martin that outlines several key steps of an attack, which threat analysts can use to identify the points where the chain can be broken to prevent a breach.

WatchGuard threat analyst, Marc Laliberte, has developed a modified version based on this model that can strengthen the process for preventing cyberattacks. Marc’s Cyber Kill Chain removes the weaponization stage and adds a “lateral movement” step just after the command and control stage. Why? Marc’s latest column on Dark Reading covers this in detail:

“Attackers usually compromise the most vulnerable system first instead of going directly to their end objective. After compromising an easy target behind the network perimeter, attackers will move laterally through the network to their actual objective. Weaponization is a step for the attacker, but not something you can defend against, so I don’t include it in the model. Lateral movement, however, can be detected and prevented by internal network segregation firewalls.”

Building on The Lockheed Martin Cyber Kill Chain:

1 – Reconnaissance: Attackers gather information on their target.

2 – Weaponization: Attackers develop their attack payload. (Removed in Marc’s modified model.)

2 – Delivery: Attackers launch their intrusion.

3 – Exploitation: Attackers compromise their target.

4 – Installation: Attackers gain persistence on their target.

5 – Command and control: Attackers issue commands to their payload.

6 – Lateral movement: Attackers move laterally through the network to their objective.

7 – Actions on objectives: Attackers complete their end goal.
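
One way a defender could apply the list above, as an added example rather than code from the article or from WatchGuard: correlate alerts tagged with the seven modified stages, using lateral movement alerts to tie a second host to the original intrusion. The host names, the alert tuple layout and the sample alerts are constructed for illustration.

```python
from enum import IntEnum
class Stage(IntEnum):
    """The seven stages of the modified kill chain listed above."""
    RECONNAISSANCE = 1
    DELIVERY = 2
    EXPLOITATION = 3
    INSTALLATION = 4
    COMMAND_AND_CONTROL = 5
    LATERAL_MOVEMENT = 6
    ACTIONS_ON_OBJECTIVES = 7

# Constructed alerts: (time, host, stage, peer); peer is set only for lateral movement.
ALERTS = [
    (1, "ws-17", Stage.DELIVERY, None),
    (2, "ws-17", Stage.EXPLOITATION, None),
    (3, "ws-17", Stage.COMMAND_AND_CONTROL, None),
    (4, "ws-17", Stage.LATERAL_MOVEMENT, "db-02"),
    (5, "db-02", Stage.ACTIONS_ON_OBJECTIVES, None),
    (6, "ws-30", Stage.RECONNAISSANCE, None),
]

def correlate(alerts):
    """Group alerts into intrusions, joining hosts linked by lateral movement."""
    chain_of = {}   # host -> intrusion id (first host seen in that intrusion)
    chains = {}     # intrusion id -> {"hosts": set, "stages": set}
    for _, host, stage, peer in sorted(alerts, key=lambda a: a[0]):
        cid = chain_of.setdefault(host, host)
        chain = chains.setdefault(cid, {"hosts": {host}, "stages": set()})
        chain["stages"].add(stage)
        if stage is Stage.LATERAL_MOVEMENT and peer is not None:
            old = chain_of.get(peer)
            if old is not None and old != cid:
                # The peer already had alerts of its own: fold them in.
                merged = chains.pop(old)
                chain["hosts"] |= merged["hosts"]
                chain["stages"] |= merged["stages"]
                chain_of.update(dict.fromkeys(merged["hosts"], cid))
            chain_of[peer] = cid
            chain["hosts"].add(peer)
    return chains

def summarize(chains):
    """Per intrusion: hosts involved, furthest stage, earlier stages with no alert."""
    out = {}
    for cid, chain in chains.items():
        furthest = max(chain["stages"])
        missed = [s.name for s in Stage if s < furthest and s not in chain["stages"]]
        out[cid] = {"hosts": sorted(chain["hosts"]), "furthest": furthest.name, "undetected": missed}
    return out
```

Without the lateral movement alert, the activity on db-02 would look like an unrelated incident; with it, both hosts fall under one intrusion and the stages that produced no alert show where detection coverage is missing.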

Although each attack is different, and some won’t match up perfectly with kill chain models, using one can help to identify vulnerabilities in the network perimeter and improve breach defenses. For more on this topic and to explore a practical example of Marc’s modified Cyber Kill Chain against a real-world JavaScript drive-by download attack, read the full article on Dark Reading:

http://www.darkreading.com/attacks-breaches/a-twist-on-the-cyber-kill-chain-defending-against-a-javascript-malware-attack/a/d-id/1326952
