Definition

A kill chain is "a set of generic steps characterising [cyber]attacks."[1]

Overview

"In particular, a kill chain consists of the following seven steps:

Reconnaissance: is the action of researching and analysing information about the target and the environment within which the attack will be deployed. In this phase, assumptions for the number and kind of vulnerabilities to be exploited are being made.
Weaponization: is the phase where the malicious payload to be used has been selected and "loaded", that is, made ready for use for the target environment.
Delivery: is the action of transmission of the malicious payload to the target environment.
Exploitation: is the act of letting the delivered payload make his job by exploiting vulnerabilities that are available in the target environment. Usually these are technical vulnerabilities but in some attacks these may well also be systemic or organisational vulnerabilities including humans.
Installation: is the phase where the delivered payload has successfully exploited a vulnerability and has been installed in the target environment.
Command and Control (C2): in this step the installed payload establishes outbound connection to the controller environment in order to enable interaction with the adversary who launched the attack.
Action on Objectives: this is the final phase of a successful attack where the threat agent is in the position to take over the targeted asset. Depending on the kind of target, this activity may include information retrieval, information manipulation, application misuse, etc."[2]

References

  1. ENISA Threat Landscape 2013–Overview of Current and Emerging Cyber-Threats, at 11.
  2. Id. at 11-12.
