Today we are going to discuss the phases of the cyber kill chain. The cyber kill chain is a model that breaks a cyberattack into the ordered stages an attacker moves through, so that defenders can look for evidence of each stage and break the chain as early as possible. The framework was introduced by Lockheed Martin and is derived from a military targeting model built to identify a target, prepare to attack it, engage it and destroy it. Lockheed Martin's original model has seven stages; the variant described here has eight phases.
1) Reconnaissance
This is the first step of an attack: the information gathering stage. During this phase the attacker collects data that might reveal vulnerabilities and weak points in the target, working from the outside in: public DNS records, exposed services and their versions, employee names and e-mail addresses, and anything else that helps them choose targets and tactics for the attack. Much of this can be done passively, without sending a single packet to the victim, so active steps such as port scanning are usually the first point at which a defender has a chance to notice the attacker.
2) Intrusion
The second phase is where the attacker breaks in after gathering the information they need, and the attack becomes active. Entry is usually gained by delivering malware into the environment, for example a phishing attachment that installs spyware or a ransomware loader, or by exploiting a weakness found during reconnaissance such as an exposed, vulnerable service. From this point the attacker has a foothold on at least one system.
3) Exploitation
In the exploitation phase the perimeter has been breached and the attacker is inside the system. With a foothold established they can install additional tools, tamper with security settings and certificates, and drop new scripts or scheduled tasks for malicious purposes, typically so that their access survives a reboot or the removal of the original entry point.
4) Privilege Escalation
To gain elevated access to resources, attackers use privilege escalation. Common techniques are brute forcing or guessing passwords, harvesting credentials cached on the compromised host, and exploiting unpatched or zero-day vulnerabilities in the operating system or its services. With higher privileges the attacker can change GPO security settings and configuration files, alter permissions, and extract further credentials and authorisation tokens for use in the next phase.
5) Lateral Movement
In lateral movement the attacker moves from system to system to extend their access and find more assets. They look for critical data and sensitive information, administrative access and high-value servers such as e-mail servers, usually by reusing the credentials and tokens collected in the previous phase rather than by exploiting anything new, which is why this stage often looks like ordinary administrator activity in the logs.
6) Obfuscation (Anti-forensics)
In this phase the attacker covers their presence and masks their activity to avoid detection and frustrate any investigation. This includes wiping files and metadata, clearing or editing logs, overwriting timestamps with false values (timestomping) and altering records so that the data looks as if no one has touched it. Because evidence is being destroyed, a cleared audit log or a file whose timestamps do not fit its history should be treated as a high-priority signal in its own right.
7) Denial of Service
In this phase the attacker targets the network and the infrastructure behind it so that authorised users cannot reach the system or the data they need. A denial of service attack can crash systems and flood services with traffic; within a kill chain it often serves as a distraction that ties up the response team while the real objective is carried out elsewhere.
8) Exfiltration
The final phase, exfiltration, is the exit strategy. Once the attacker has the data they want, they copy, transfer or move the confidential data to a location they control, where they can do whatever they want with it: hold it for ransom, or sell it to unauthorised parties. Moving a large volume of data out can take some time, which gives defenders a last chance to spot unusual outbound traffic, but once it is out it is entirely under the attacker's control.
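As an added example that is not part of the E-SPIN article, the Python script below shows how a blue team might map telemetry onto these eight phases: each phase gets a simple detection rule, the rules run over a constructed set of log lines describing one intrusion, and the result is the list of phases for which evidence exists together with the furthest phase reached. The log format, field names, thresholds, host names and addresses are all assumptions made for the example, and the rules are deliberately simple heuristics rather than production detections.

```python
# Added example: map log lines onto the eight kill-chain phases. Field names, thresholds,
# hosts and addresses are assumptions for this example, not E-SPIN's tooling.
import ipaddress
from collections import defaultdict

PHASES = ["Reconnaissance", "Intrusion", "Exploitation", "Privilege Escalation",
          "Lateral Movement", "Obfuscation", "Denial of Service", "Exfiltration"]
SERVER_PARENTS = {"w3wp.exe", "httpd", "nginx", "java"}  # assumed network-facing services
SHELLS = {"cmd.exe", "powershell.exe", "sh", "bash"}
ADMIN_GROUPS = {"Administrators", "Domain Admins", "sudo", "wheel"}
INTERNAL = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse(line):
    """Parse a constructed 'TIMESTAMP key=value key=value ...' log line into a dict."""
    ts, _, rest = line.partition(" ")
    return {"ts": ts, **dict(kv.split("=", 1) for kv in rest.split())}

def find_recon(events, min_ports=20):
    """Port scan: one source touches many distinct ports on one destination."""
    ports = defaultdict(set)
    for e in (e for e in events if e.get("type") == "conn" and "dport" in e):
        ports[(e["src"], e["dst"])].add(e["dport"])
    return [f"{s} probed {len(p)} ports on {d}" for (s, d), p in ports.items() if len(p) >= min_ports]

def find_intrusion(events, min_failures=5):
    """Brute force that worked: a successful logon after repeated failures for the same source and user."""
    failures, hits = defaultdict(int), []
    for e in (e for e in events if e.get("type") == "auth"):
        key = (e["src"], e["user"])
        if e["result"] == "fail":
            failures[key] += 1
        elif failures[key] >= min_failures:
            hits.append(f"{e['user']} logged in from {e['src']} after {failures[key]} failures")
    return hits

def find_exploitation(events):
    """A network-facing service spawning a shell is the classic sign of a successful exploit."""
    return [f"{e['parent']} spawned {e['proc']} on {e['host']}" for e in events
            if e.get("type") == "proc" and e["parent"] in SERVER_PARENTS and e["proc"] in SHELLS]

def find_privesc(events):
    """An account being added to an administrative group."""
    return [f"{e['user']} added to {e['group']} on {e['host']}" for e in events
            if e.get("type") == "group" and e["action"] == "add" and e["group"] in ADMIN_GROUPS]

def find_lateral(events, min_hosts=2):
    """One account opening network logons to several different hosts."""
    targets = defaultdict(set)
    for e in (e for e in events if e.get("type") == "logon" and e["kind"] == "network" and e["src"] != e["dst"]):
        targets[e["user"]].add(e["dst"])
    return [f"{u} logged on to {len(h)} hosts: {', '.join(sorted(h))}"
            for u, h in targets.items() if len(h) >= min_hosts]

def find_obfuscation(events):
    """Audit log cleared (the equivalent of Windows security event 1102)."""
    return [f"audit log cleared on {e['host']} by {e['user']}" for e in events
            if e.get("type") == "log" and e["action"] == "cleared"]

def find_dos(events, min_requests=1000):
    """Request flood: one source exceeds the per-source request budget."""
    counts = defaultdict(int)
    for e in (e for e in events if e.get("type") == "http"):
        counts[e["src"]] += int(e.get("count", 1))
    return [f"{s} sent {n} requests" for s, n in counts.items() if n >= min_requests]

def find_exfil(events, min_bytes=50_000_000):
    """Large outbound transfer to an address outside the assumed internal ranges."""
    volume = defaultdict(int)
    for e in (e for e in events if e.get("type") == "conn" and "bytes" in e):
        if not any(ipaddress.ip_address(e["dst"]) in net for net in INTERNAL):
            volume[(e["src"], e["dst"])] += int(e["bytes"])
    return [f"{s} sent {n // 1_000_000} MB to {d}" for (s, d), n in volume.items() if n >= min_bytes]

RULES = dict(zip(PHASES, [find_recon, find_intrusion, find_exploitation, find_privesc,
                          find_lateral, find_obfuscation, find_dos, find_exfil]))

def reconstruct(lines):
    """Return {phase: [evidence, ...]} for every phase whose rule fires, in kill-chain order."""
    events = [parse(line) for line in lines]
    return {phase: hits for phase, rule in RULES.items() if (hits := rule(events))}

def furthest_phase(findings):
    """Deepest phase with evidence; None if nothing matched."""
    return next((p for p in reversed(PHASES) if p in findings), None)

# Constructed telemetry for one intrusion: a scan, a brute force that succeeds, a web shell,
# group escalation, two lateral logons, a log wipe and a 60 MB upload. No DoS takes place.
SAMPLE = [f"2024-05-01T09:00:{i:02d} type=conn src=198.51.100.7 dst=10.0.0.5 dport={1000 + i}" for i in range(25)]
SAMPLE += [f"2024-05-01T09:05:{i:02d} type=auth src=198.51.100.7 user=webadmin result=fail" for i in range(6)]
SAMPLE += [
    "2024-05-01T09:05:07 type=auth src=198.51.100.7 user=webadmin result=ok",
    "2024-05-01T09:06:00 type=proc host=web01 parent=w3wp.exe proc=cmd.exe",
    "2024-05-01T09:07:00 type=group host=web01 action=add user=webadmin group=Administrators",
    "2024-05-01T09:08:00 type=logon user=webadmin kind=network src=web01 dst=fs01",
    "2024-05-01T09:09:00 type=logon user=webadmin kind=network src=web01 dst=mail01",
    "2024-05-01T09:10:00 type=log host=web01 user=webadmin action=cleared",
    "2024-05-01T09:11:00 type=conn src=10.0.0.5 dst=203.0.113.10 bytes=60000000",
]

if __name__ == "__main__":
    found = reconstruct(SAMPLE)
    print(*(f"[{p}] {h}" for p, hs in found.items() for h in hs), "furthest:", furthest_phase(found), sep="\n")
```

Running the script on the constructed sample lists evidence for every phase except Denial of Service and reports Exfiltration as the furthest phase reached; running it on only the first 25 lines (the scan) reports Reconnaissance, which is the point of the model: the earlier in the chain a phase is detected, the less the attacker has achieved by the time the response starts. Note that the internal address ranges are checked explicitly rather than with `ipaddress`'s `is_private`, because that property also treats documentation ranges such as 203.0.113.0/24 as private.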
Feel free to contact E-SPIN about your specific operation or project requirements, so we can assist you with the packaged solutions that fit your operation or project needs, whether from a red team or a blue team perspective.