The Cyber Kill Chain overview

Frances (Jing) Du
Feb 22, 2022

I found the video below helpful in understanding the Lockheed Martin Cyber Kill Chain.

  1. Reconnaissance — information gathering (social engineering)
  2. Weaponization — this can happen in a lab, where the cyber criminal puts together the tools they need to compromise the target.
  3. Delivery — this can be through phishing attempts, or by physically leaving a USB stick containing the payload in the parking lot for someone unsuspecting to pick up and plug into their device.
  4. Exploitation — this is the detonation where the payload is executed.
  5. Installation — execution leads to malware being installed in the system.
  6. Command and control (C2) — this is when the attacker will utilize their tools and techniques to take control of the victim’s system.
  7. Actions on objectives — whether it is to steal data or push ransomware, this step is when the attacker coordinates the attack to reach their final goals.

As defensive security professionals, our goal is to break the kill chain at any stage (except Reconnaissance and Weaponization) to mitigate the attack.
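One way to put this into practice is to tag alerts with the stage they belong to and check, per host, where the chain was broken and which defensible stages the activity passed through with no alert at all. This is an added example, not code from the original post or from Lockheed Martin; the host names, the alert tuples and the `assess` function are assumptions constructed for illustration.

```python
from collections import defaultdict

# The seven stages, in the order the post lists them.
STAGES = ["reconnaissance", "weaponization", "delivery", "exploitation",
          "installation", "command_and_control", "actions_on_objectives"]
# The post excludes the first two from the stages a defender can break.
DEFENSIBLE = set(STAGES[2:])

# Constructed sample alerts: (host, stage, blocked by a control?)
SAMPLE_ALERTS = [
    ("ws-014", "delivery", False),             # phishing mail reached the inbox
    ("ws-014", "exploitation", False),         # payload executed
    ("ws-014", "command_and_control", False),  # outbound beacon seen
    ("ws-022", "delivery", True),              # mail quarantined at the gateway
    ("srv-03", "installation", False),         # new persistence, no earlier alerts
]

def assess(alerts):
    """Per host: where the chain was broken, how far it got, blind spots."""
    by_host = defaultdict(list)
    for host, stage, blocked in alerts:
        # STAGES.index raises ValueError for a stage name outside the model.
        by_host[host].append((STAGES.index(stage), blocked))
    report = {}
    for host, events in by_host.items():
        seen = {i for i, _ in events}
        blocked = [i for i, b in events if b]
        unblocked = [i for i, b in events if not b]
        reached = max(seen)
        report[host] = {
            # Earliest stage at which a control stopped the activity.
            "broken_at": STAGES[min(blocked)] if blocked else None,
            # Latest stage that was observed but not stopped.
            "furthest_unblocked": STAGES[max(unblocked)] if unblocked else None,
            # Defensible stages before the latest observed one with no alert:
            # the activity passed through them without being detected.
            "undetected": [s for i, s in enumerate(STAGES[:reached])
                           if s in DEFENSIBLE and i not in seen],
        }
    return report

if __name__ == "__main__":
    for host, result in sorted(assess(SAMPLE_ALERTS).items()):
        print(host, result)
```

A host with a non-empty `undetected` list points at a detection gap at those stages, and a host with `broken_at` set to `None` shows a chain that no control interrupted.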

One shortcoming of the Lockheed Martin Cyber Kill Chain model is that it does not address insider threats, which can be the most prevalent type of threat an organization might face.

What you need to know about the Cyber Kill Chain — YouTube
