This article is about the military and information security concept. This model has seen some adoption in the information security community.
However, acceptance is not universal, with critics pointing to what they believe are fundamental flaws in the model.
Target: Select an appropriate weapon or asset to use on the target to create desired effects.
Engage: Apply the weapon to the target.
Assess: Evaluate effects of the attack, including any intelligence gathered at the location.
This is an integrated, end-to-end process described as a “chain” because an interruption at any stage can interrupt the entire process.
North Korean launch sites, nuclear facilities and manufacturing capability and destroy them pre-emptively if a conflict seems imminent.
Computer scientists at Lockheed-Martin corporation described a new “intrusion kill chain” framework or model to defend computer networks in 2011. They wrote that attacks may occur in stages and can be disrupted through controls established at each stage. Since then, the “cyber kill chain” has been adopted by data security organizations to define stages of cyber-attacks.
A cyber kill chain reveals the stages of a cyberattack: from early reconnaissance to the goal of data exfiltration. The kill chain can also be used as a management tool to help continuously improve network defense.
Reconnaissance: Intruder selects target, researches it, and attempts to identify vulnerabilities in the target network.
Weaponization: Intruder creates remote access malware weapon, such as a virus or worm, tailored to one or more vulnerabilities.
Exploitation: Malware weapon’s program code triggers, which takes action on target network to exploit vulnerability.
Command and Control: Malware enables intruder to have “hands on the keyboard” persistent access to target network.
Actions on Objective: Intruder takes action to achieve their goals, such as data exfiltration, data destruction, or encryption for ransom.
Senate investigation of the 2013 Target Corporation data breach included analysis based on the Lockheed-Martin kill chain framework.
It identified several stages where controls did not prevent or detect progression of the attack.
To maximize threat detection, all phases of the kill chain are monitored for threat indicators. During the development phase, threat groups may purchase tools, register domains, and purchase hosts among other activities.
The “Four Fs” is a military term used in the United States military, especially during World War II.
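As an added example (not from the original article or from Lockheed-Martin), the sketch below applies the per-phase monitoring idea described above for the cyber kill chain: using the phases as listed on this page, it reports which phases have no control at all and, per host, where activity progressed without being detected. The control names, host names and event tuple layout are assumptions made for illustration, and all sample data is constructed.

```python
from collections import defaultdict

# Cyber kill chain phases as listed on this page, in attack order.
PHASES = ["Reconnaissance", "Weaponization", "Exploitation",
          "Command and Control", "Actions on Objective"]

# Constructed control inventory: control name -> phase it monitors.
CONTROLS = {
    "web-scan-alerts": "Reconnaissance",
    "endpoint-exploit-guard": "Exploitation",
    "dns-beacon-detector": "Command and Control",
}

# Constructed incident timeline: (host, phase, detecting control or None).
EVENTS = [
    ("host-a", "Reconnaissance", "web-scan-alerts"),
    ("host-a", "Exploitation", None),
    ("host-a", "Command and Control", "dns-beacon-detector"),
    ("host-a", "Actions on Objective", None),
    ("host-b", "Reconnaissance", None),
    ("host-b", "Exploitation", "endpoint-exploit-guard"),
]

def uncovered_phases(controls):
    """Phases for which no control exists, i.e. nothing can break the chain there."""
    covered = set(controls.values())
    return [p for p in PHASES if p not in covered]

def chain_report(events):
    """Per host: furthest phase reached, first detection, and undetected phases."""
    by_host = defaultdict(dict)
    for host, phase, control in events:
        if phase not in PHASES:
            raise ValueError(f"unknown phase: {phase!r}")
        # A phase counts as detected if any event in that phase was detected.
        by_host[host][phase] = by_host[host].get(phase) or control
    report = {}
    for host, seen in by_host.items():
        order = [p for p in PHASES if p in seen]      # phases seen, attack order
        detected = [p for p in order if seen[p]]
        first = detected[0] if detected else None
        report[host] = {
            "furthest": order[-1],
            "first_detected": first,
            "missed": [p for p in order if not seen[p]],
            # Detection that did not stop the attacker from advancing further.
            "progressed_after_detection": first is not None and order[-1] != first,
        }
    return report

if __name__ == "__main__":
    print("No control for:", uncovered_phases(CONTROLS))
    for host, row in chain_report(EVENTS).items():
        print(host, row)
```

A host with `progressed_after_detection` set is the case the Senate analysis describes: an indicator was raised at one stage, yet the attack still advanced to a later one.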