The Lockheed Martin Cyber Kill Chain is a framework for understanding and countering cyberattacks. It was developed by Lockheed Martin in 2011 and is widely used in the cybersecurity industry.
The Cyber Kill Chain describes the stages of a typical cyberattack, from the initial reconnaissance to the final exfiltration of data. The seven stages are:
- Reconnaissance: The attacker gathers information about the target system and identifies potential vulnerabilities.
- Weaponization: The attacker creates or obtains a weapon, such as malware or a phishing email, to exploit the identified vulnerability.
- Delivery: The attacker delivers the weapon to the target system, usually through email, social engineering, or other means.
- Exploitation: The weapon is activated and exploits the identified vulnerability, allowing the attacker to gain access to the system.
- Installation: The attacker installs malware or other tools to maintain access to the system and establish a foothold.
- Command and Control (C2): The attacker establishes a connection to a remote server, allowing them to control the compromised system and carry out further attacks.
- Actions on Objectives: The attacker achieves their objectives, which may include stealing data, disrupting services, or causing other damage.
By understanding each stage of the Cyber Kill Chain, organizations can develop strategies to detect, prevent, and respond to cyberattacks. The framework emphasizes the importance of proactive defense measures, such as threat intelligence, vulnerability scanning, and access controls, to disrupt attacks early in the kill chain and minimize the impact of successful attacks.
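One way a defender can apply the stages when triaging alerts, as an added example that is not part of the original page: each alert is mapped to a stage, then each host is ranked by how far along the chain its activity reached, with the earlier stages that produced no alert listed as detection gaps. The alert categories, host names and sample alerts are constructed for illustration, and treating Weaponization as invisible to defender telemetry is an assumption.

```python
from collections import defaultdict

# The seven stages, in the order the page lists them.
STAGES = ["Reconnaissance", "Weaponization", "Delivery", "Exploitation",
          "Installation", "Command and Control", "Actions on Objectives"]
# Assumption: weaponization happens off-network, so it is never counted as a gap.
UNOBSERVABLE = {"Weaponization"}
# Hypothetical alert categories mapped to stages (not from any real product).
CATEGORY_TO_STAGE = {
    "port_scan": "Reconnaissance",
    "phishing_email": "Delivery",
    "exploit_attempt": "Exploitation",
    "new_persistence": "Installation",
    "beaconing": "Command and Control",
    "bulk_upload": "Actions on Objectives",
}
# Constructed sample alerts: (timestamp, host, category).
ALERTS = [
    ("2024-05-01T09:00:00", "ws-01", "phishing_email"),
    ("2024-05-01T09:05:00", "ws-01", "exploit_attempt"),
    ("2024-05-01T09:20:00", "ws-01", "beaconing"),
    ("2024-05-01T10:00:00", "srv-02", "port_scan"),
    ("2024-05-01T11:00:00", "ws-03", "bulk_upload"),
    ("2024-05-01T11:30:00", "ws-03", "unknown_thing"),
]

def triage(alerts):
    """Return (per-host report sorted by furthest stage, unmapped alerts)."""
    seen, unmapped = defaultdict(set), []
    for ts, host, category in alerts:
        stage = CATEGORY_TO_STAGE.get(category)
        if stage is None:  # keep unknown categories visible instead of dropping them
            unmapped.append((ts, host, category))
            continue
        seen[host].add(STAGES.index(stage))
    report = []
    for host, idxs in seen.items():
        furthest = max(idxs)
        # Earlier stages with no alert were passed without detection: coverage gaps.
        gaps = [STAGES[i] for i in range(furthest)
                if i not in idxs and STAGES[i] not in UNOBSERVABLE]
        report.append({"host": host, "furthest": STAGES[furthest], "gaps": gaps})
    # Hosts furthest along the chain come first, since they need the fastest response.
    report.sort(key=lambda r: STAGES.index(r["furthest"]), reverse=True)
    return report, unmapped

if __name__ == "__main__":
    for row in triage(ALERTS)[0]:
        print(row)
```

A host whose first alert appears late in the chain, such as `ws-03` here, points to missing detection at the earlier stages rather than to a short attack.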
