Monday 15 September 2014

Lockheed Martin Cyber Kill Chain

When I first saw the Cyber Kill Chain, it wasn't actually the Cyber Kill Chain.  What I saw was the Websense 7 Stages of Advanced Threats.

The Lockheed Martin Cyber Kill Chain states that there are seven stages of a cyber attack, and that your organisation can be protected if the chain is stopped at any of the stages.  The higher up the chain (that is, the earlier) it can be stopped, the better the protection to your network.

The stages are as follows:

  1. Reconnaissance
  2. Weaponise
  3. Deliver
  4. Exploit
  5. Install
  6. Command & Control
  7. Act on Objectives

Websense 7 Stages of Advanced Threats

Websense have taken the phases above, and mapped them to the Websense 7 Stages of Advanced Threats.


Recon

Prior to a breach, some research (or recon) will need to be done.  This research will cover the company and its people.  By way of checking yourself, a quick internet search for your organisation or yourself will bring up a lot of information.  LinkedIn helps pinpoint people to organisations, as well as organisations that work together, while Facebook and Twitter will help with hobbies and out-of-work activities.


Lure

If hobbies or working relationships are known, a lure containing information about those hobbies, or about an organisation you work with, will be of interest.  The lures can arrive by email and social media from seemingly trusted sources.


Redirect

Emails and social media can contain links, which then redirect the target, scan a system or prompt for software to be installed.

Exploit Kit

The links can be for compromised websites, where an exploit kit located there can scan the user's computer for vulnerabilities.  The exploit kit is effectively looking for a path into the computer.

Dropper File

The dropper file is the malware that is used to infect the user's computer.  When executed, the software can immediately start gathering data, it can sit dormant for a period of time to mask its true intentions, or it may be used to deliver malware in the future.

Call Home

The malware can then call home, contacting a Command & Control server to receive instructions, or additional software and tools.

Data Theft

What was the point of all of this effort?  To steal data!

Stopping the Attack

Not all attacks will contain all seven stages.  Some attacks will only involve three of these stages, but it highlights that the sooner in the chain the attack is prevented, the less damage will be done to the network.

Working in a technical environment, I see a number of solutions that only focus on some of these stages, which is no good if the attack skips those steps.  I have worked with the Websense solutions for over seven years, and see that their solutions can prevent attacks at all levels (except the "Recon", but no technical solution can prevent an attacker from carrying out an internet search on people or organisations!)
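To make the coverage argument concrete, here is an added example (not from the original post or from Websense) that walks an attack through the seven stages and reports where a given set of controls first breaks the chain. The sample attacks and the two defender profiles are constructed assumptions.

```python
# Stage names follow the seven Websense stages described in this post.
STAGES = ["Recon", "Lure", "Redirect", "Exploit Kit",
          "Dropper File", "Call Home", "Data Theft"]


def first_break(attack_stages, covered_stages):
    """Return (stage_stopped_at, stages_completed) for one attack.

    attack_stages:  stages this attack actually uses (any subset).
    covered_stages: stages where the defender has a working control.
    stage_stopped_at is None when the attack never touches a covered
    stage, i.e. it runs to completion.
    """
    used, covered = set(attack_stages), set(covered_stages)
    unknown = (used | covered) - set(STAGES)
    if unknown:
        raise ValueError(f"unknown stage(s): {sorted(unknown)}")
    completed = []
    # Walk the chain in order, skipping stages the attack does not use.
    for stage in (s for s in STAGES if s in used):
        if stage in covered:
            return stage, completed
        completed.append(stage)
    return None, completed


def coverage_report(attacks, covered_stages):
    """Map each named attack to where it is stopped and what ran first."""
    return {name: first_break(stages, covered_stages)
            for name, stages in attacks.items()}


# Constructed sample attacks (hypothetical, for illustration only).
SAMPLE_ATTACKS = {
    "full chain": STAGES,
    "three-stage": ["Lure", "Dropper File", "Data Theft"],
}
# Constructed defender profiles (hypothetical).
WEB_ONLY = {"Redirect", "Exploit Kit"}      # controls on two stages only
ALL_BUT_RECON = set(STAGES) - {"Recon"}     # every stage except Recon

if __name__ == "__main__":
    for label, covered in (("web only", WEB_ONLY), ("all but recon", ALL_BUT_RECON)):
        for name, (stopped, done) in coverage_report(SAMPLE_ATTACKS, covered).items():
            print(f"{label:14} {name:12} stopped at: {stopped}  completed: {done}")
```

With the two-stage profile, the three-stage attack is never stopped because it skips both covered stages; with controls at every stage after Recon, both attacks are stopped at the Lure.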

MTI is a Websense Platinum Partner in the UK, and can help secure your network against cyber attacks.
