Each cyber-attack will follow a specific chain. The chain is used by cyber security experts, cybercriminals and governments to perform successful cyber-attacks on their targets. There are various ways to perform a cyber-attack, but you will need a guide if you want to successfully perform a cyber-attack on a designated target.
A cyber-attack is performed in a couple of basic steps; each step that you add yourself will increase or decrease the chance of success.
(1) The first step that has to be taken is the reconnaissance step. In this step you will gather all the possible information that you can use. There are various tools and techniques which allow you to perform reconnaissance on a target.
The Nmap or Zenmap tool can be used to perform network scans on the selected target. These scans will provide the attacker with vital information about the security settings of the selected target. In the reconnaissance step you will be able to investigate the target for weak spots (vulnerabilities). Remember that these vulnerabilities do not have to be ‘cyber’ vulnerabilities.
The weak spot of a target can also be a ‘physical’ weak spot. For example, people who leave the door open after they have smoked a cigarette outside.
The next step is to (2) categorize the information found, and check the CVE database for any (3) known vulnerabilities. Weaponize these vulnerabilities into a malicious package.
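Seen from the defending side, the network scans described above leave a recognizable trace in firewall logs: one source touching many ports on one host in a short time. The following is an added example, not part of the original article; the log format, the 60-second window, the threshold of 15 ports and all addresses are constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed log format (constructed for this example, not a specific product's):
#   <ISO timestamp> src=<ip> dst=<ip> dport=<port> action=<word>
LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) "
    r"dport=(?P<dport>\d+) action=(?P<action>\w+)$"
)

def detect_port_scans(lines, window=timedelta(seconds=60), threshold=15):
    """Return {(src, dst): peak distinct ports} for every pair where one source
    touched at least `threshold` distinct ports on one host within `window`.
    Lines must be in chronological order."""
    recent = defaultdict(deque)  # (src, dst) -> (timestamp, port) inside the window
    flagged = {}
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # ignore lines that do not match the assumed format
        ts = datetime.fromisoformat(m["ts"])
        key = (m["src"], m["dst"])
        events = recent[key]
        events.append((ts, int(m["dport"])))
        while ts - events[0][0] > window:  # drop events older than the window
            events.popleft()
        distinct = len({port for _, port in events})
        if distinct >= threshold:
            flagged[key] = max(flagged.get(key, 0), distinct)
    return flagged

def build_sample_log():
    """Constructed sample lines using documentation address ranges."""
    start = datetime(2024, 5, 1, 10, 0, 0)
    lines = ["garbage line that the parser must skip"]
    for i in range(25):  # one source probing 25 different ports in 25 seconds
        ts = (start + timedelta(seconds=i)).isoformat()
        lines.append(f"{ts} src=203.0.113.7 dst=192.0.2.10 dport={20 + i} action=DROP")
    for i in range(30):  # an ordinary client that only uses ports 80 and 443
        ts = (start + timedelta(seconds=2 * i)).isoformat()
        port = 443 if i % 2 else 80
        lines.append(f"{ts} src=198.51.100.23 dst=192.0.2.10 dport={port} action=ALLOW")
    return sorted(lines)  # ISO timestamps sort chronologically as text

if __name__ == "__main__":
    for (src, dst), ports in detect_port_scans(build_sample_log()).items():
        print(f"possible port scan: {src} -> {dst}, {ports} distinct ports in 60 s")
```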
There are various methods and techniques to (4) deliver malicious packages to the selected target. Take a look at the following listed cyber delivery attacks:
- Malicious e-mail (Gmail)
- Infected USB stick
- Infected picture
- Infected PDF file – Take a look at the PDF Exploit Generator, which has been developed by the security expert Claes Spett.
Once the malicious package has been delivered to the designated target, you will be able to (5) exploit the environment. The most used hacking framework is the Metasploit Framework. This framework contains various code and methods to perform a successful cyber-attack.
If needed, you will be able to exploit the environment further to gain additional access to it. Hackers and security experts (6) install backdoor applications, as these will allow them to reconnect to the infected device.
Command and Control
The infected machine(s) will be viewable in the (7) Metasploit Command and Control center. This allows the hackers to manage their infected devices:
- Infect other machines
- Infect the network
- Delete traces of infection
- Download / Upload files
Act on objectives
Each successful cyber-attack has a direct objective. (8) Stick to the objective.
Flaw in Lockheed Martin ‘Cyber Kill Chain’
Lockheed Martin published a similar attack chain titled ‘The Cyber Kill Chain’. The Lockheed Martin chain misses one important factor: the ‘find vulnerabilities’ factor. This factor is needed as it gives the attacker insight into the weak spots of the environment. Doing reconnaissance is not a specific search for vulnerabilities.