Understanding the cyber kill chain model can help you keep your organization more secure.
In the military, a kill chain refers to a specific sequence of events leading up to an attack. The kill chain starts with identifying a target and then progresses through additional steps, such as getting a fix on the target’s location and tracking the target’s movement. This basic concept has been adapted to cyber attacks in what is sometimes referred to as a cyber kill chain model.
It's worth noting that every cyber attack is different because attackers have their own way of doing things and because each target is unique. Even so, the cyber kill chain model can be used to identify and look out for the steps criminals take in most cyber attacks.
The first step in the cyber kill chain model is reconnaissance. Reconnaissance is based on the idea that attackers need to know something about the target prior to launching the attack. Now, obviously, this concept does not apply to random attacks, but if attackers are specifically targeting a particular organization, they will need a point of entry. Only reconnaissance will reveal the best point of entry for an attacker to use.
The second step in the cyber kill chain model is intrusion. Intrusion is exactly what it sounds like: this is the step where attackers make it into the network that they wish to attack. Intrusion can be performed in any number of different ways. Attackers might use malware to gain entry into the network, or they might use stolen credentials and a VPN, among many other methods.