The Cyber Kill Chain is a signature road map for cyber security professionals, which was developed by Lockheed Martin. The Cyber Kill Chain describes seven sequential steps of a cyber attack. Social media is becoming a co-contributor to cyber-attackers as the moon is bright. Whale phishing is a term used to describe wealthier individuals or high profile business executives. Millions of executives use social media to market products, sale an idea and share implicitly internal information. The sequential seven steps are listed below:
- Reconnaissance – Reconnaissance uses various methods used to gather public information about a target or adversary;
- Weaponization – Weaponization can be further used to identify vulnerabilities in hardware and software;
- Delivery – Once vulnerabilities have been identified, attacks methods are dispersed in various forms;
- Exploitation – Malware opens back doors for cyber-criminals, allowing cyber-criminals to remotely connect to further exploit;
- Installation – Malware has gone stealth on infected hosts to download its own software;
- Command and Control – Cyber-criminals have control of infected hosts where the privileges are of administrators, having control of hosts for more than 120 days; and
- Action – Having the privileges of an administrator, cyber-criminals infected hosts move to other critical systems with the intent of stealing data and/or using infected hosts in other cyber-attacks.
Hayes, N. “Why Social Media Sites are the new Cyber Weapons of Choice.” 06 Sept. 2016, http://www.darkreading.com/attacks-breaches/why-social-media-sites-are-the-new-cyber-weapons-of-choice/a/d-id/1326802. Accessed 02, May 2017.
Kane, C. “Cyber Kill Chain .” 08 Sept. 2014, http://gauss.ececs.uc.edu/Courses/c5155/pdf/kill-chain.pdf. Accessed 02, May 2017.
“Cyber Kill Chain.” Lockheed Martin, http://www.lockheedmartin.com/us/what-we-do/aerospace-defense/cyber/cyber-kill-chain.html. Accessed 02, May 2017.