Breaking Down a Cyberattack, One Kill Chain Step at a Time


In today’s wildly unpredictable threat landscape, the modern enterprise should be familiar with the cyber kill chain concept. A cyber kill chain describes the stages of a cyberattack as they relate to network security. Lockheed Martin developed the cyber kill chain framework to help organizations identify and prevent cyber intrusions.


The steps in a kill chain trace the typical stages of an attack from early reconnaissance to completion. Analysts use the framework to detect and prevent advanced persistent threats (APT).


Organizations can use the cyber kill chain to defend themselves against many complex attacks, such as last year’s Uber hack. If you recall, back in September of 2022, a threat actor successfully infiltrated the company’s Slack application by convincing an employee to grant them access. The attacker spammed the employees with multi-factor authentication (MFA) push notifications until they could gain access to internal systems and browse the source code.
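The MFA push spam described above leaves a recognizable pattern in authentication logs: a burst of rejected or ignored prompts for one user, sometimes ending in an approval. The following detection sketch is an added example, not code from the original article; the event format, result names, window and threshold are assumptions and would need mapping to a real identity provider's log schema.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events (not real incident data):
# (ISO timestamp, user, push result). Field layout and result names are assumed.
SAMPLE_EVENTS = [
    ("2024-01-10T21:00:05", "alice", "approved"),  # ordinary single login
    ("2024-01-10T22:01:00", "bob", "denied"),
    ("2024-01-10T22:01:40", "bob", "denied"),
    ("2024-01-10T22:02:30", "bob", "timeout"),
    ("2024-01-10T22:03:10", "bob", "denied"),
    ("2024-01-10T22:04:00", "bob", "timeout"),
    ("2024-01-10T22:05:20", "bob", "approved"),    # approval that ends a burst
    ("2024-01-10T23:00:00", "carol", "denied"),
    ("2024-01-10T23:30:00", "carol", "approved"),  # failure aged out: not flagged
]

def detect_push_fatigue(events, window=timedelta(minutes=10), threshold=5):
    """Flag users with >= threshold rejected or ignored pushes inside `window`.

    Returns (user, timestamp, severity, failure_count) tuples. A burst alone is
    a "warning"; an approval that ends a burst is "critical", because the user
    may have given in to the prompts.
    """
    recent = defaultdict(deque)  # user -> timestamps of recent failed pushes
    alerts = []
    for ts_text, user, result in sorted(events):  # ISO strings sort by time
        ts = datetime.fromisoformat(ts_text)
        failures = recent[user]
        while failures and ts - failures[0] > window:
            failures.popleft()  # drop failures that fell out of the window
        if result in ("denied", "timeout"):
            failures.append(ts)
            if len(failures) == threshold:  # alert once as the burst crosses it
                alerts.append((user, ts_text, "warning", len(failures)))
        elif result == "approved":
            if len(failures) >= threshold:
                alerts.append((user, ts_text, "critical", len(failures)))
            failures.clear()  # a completed login resets the counter
    return alerts

if __name__ == "__main__":
    for alert in detect_push_fatigue(SAMPLE_EVENTS):
        print(alert)
```

The "critical" case is the one to route to incident response immediately, since the session created by that approval should be treated as untrusted until the user confirms it.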


This article will walk you through the kill chain of this specific attack twice. First, we’ll take the perspective of the attacker, and then we’ll outline the prevention strategies organizations can take at each step of the chain.


Each Step of the Cyberattack Kill Chain


Recon


This first step is about information gathering. As in many attacks, threat actors use social engineering tactics to gain access to employee information. Attackers typically gather intelligence by scraping data that is readily available from public sources, a practice known as open source intelligence (OSINT). Thanks to social media and publicly documented online activities, attackers can easily profile an organization or employee.


Weapon ..
