Wednesday, January 4, 2023

The evolution of the Lockheed Martin kill chain

The Lockheed Martin Kill Chain is a framework used to describe the stages of a cyber attack, from initial compromise to exfiltration of data. The concept of a kill chain has been around for decades, but the specific model developed by Lockheed Martin has become widely adopted in the cybersecurity industry.

The Lockheed Martin Kill Chain has evolved over time as the tactics and technologies used by attackers have changed. Initially, the focus was on traditional network attacks, but the rise of mobile devices and the Internet of Things has led to the inclusion of additional stages to cover these types of attacks.

The original Lockheed Martin Kill Chain consists of seven stages:

  1. Reconnaissance: This is the first stage of the attack, where the attacker gathers information about the target. This may include researching the target's employees, network infrastructure, and potential vulnerabilities.
  2. Weaponization: In this stage, the attacker creates a means of delivering the payload (e.g., malware or exploit) to the target.
  3. Delivery: The payload is delivered to the target, usually via email or a malicious website.
  4. Exploitation: The payload is executed, allowing the attacker to gain access to the target's system.
  5. Installation: In this stage, the attacker installs any necessary tools or malware on the target's system to maintain control and access.
  6. Command and control: The attacker establishes a means of communicating with the compromised system and issuing commands.
  7. Actions on objectives: The attacker carries out their intended objectives, such as stealing data or disrupting services.

In addition to the seven core stages, the Lockheed Martin Kill Chain model includes three stages that can occur before or after the core stages:

  1. Pre-attack: This stage includes activities such as supply chain attacks or the insertion of hardware backdoors.
  2. Post-attack: This stage includes activities such as data exfiltration and the destruction of evidence.
  3. Reroute: This stage includes activities such as redirecting the attack to a different target or disrupting the kill chain.

The Lockheed Martin Kill Chain model is a valuable tool for understanding the stages of a cyber attack and for identifying potential points of intervention. With that understanding, organizations can implement targeted defenses and responses to mitigate the risk of a successful attack.
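
To make "points of intervention" concrete, the following Python is an added example, not part of the original article: it tags alerts with one of the seven core stages and reports, per host, the earliest stage detected, the deepest stage reached, and the stages in between that raised no alert. The alert category names, host names and sample alerts are assumptions constructed for illustration.

```python
from collections import defaultdict

# The seven core stages, in the order the article lists them.
STAGES = ["Reconnaissance", "Weaponization", "Delivery", "Exploitation",
          "Installation", "Command and control", "Actions on objectives"]

# Assumption: these alert category names are hypothetical, not from any product.
CATEGORY_TO_STAGE = {
    "external_port_scan": "Reconnaissance",
    "phishing_attachment": "Delivery",
    "malicious_url_click": "Delivery",
    "exploit_signature": "Exploitation",
    "new_autorun_entry": "Installation",
    "beaconing_traffic": "Command and control",
    "bulk_outbound_transfer": "Actions on objectives",
}

# Constructed sample alerts: (timestamp, host, category).
SAMPLE_ALERTS = [
    ("2023-01-03T09:12:00", "ws-014", "phishing_attachment"),
    ("2023-01-03T09:20:00", "ws-014", "new_autorun_entry"),
    ("2023-01-03T09:41:00", "ws-014", "beaconing_traffic"),
    ("2023-01-03T10:02:00", "web-01", "external_port_scan"),
    ("2023-01-03T11:30:00", "ws-022", "unknown_category"),
]

def summarize(alerts):
    """Per host: earliest and deepest stage seen, plus silent stages in between."""
    seen = defaultdict(set)
    unmapped = []
    for ts, host, category in alerts:
        stage = CATEGORY_TO_STAGE.get(category)
        if stage is None:
            unmapped.append((ts, host, category))  # keep for analyst triage
            continue
        seen[host].add(STAGES.index(stage))
    report = {}
    for host, idxs in seen.items():
        first, deepest = min(idxs), max(idxs)
        report[host] = {
            "earliest": STAGES[first],
            "deepest": STAGES[deepest],
            # Stages between the two with no alert: candidate detection gaps.
            "gaps": [STAGES[i] for i in range(first, deepest) if i not in idxs],
        }
    return report, unmapped

if __name__ == "__main__":
    report, unmapped = summarize(SAMPLE_ALERTS)
    for host, info in sorted(report.items()):
        print(host, info)
    print("unmapped:", unmapped)
```

A host whose deepest stage is late in the list and whose gaps list is non-empty is where added detection or blocking controls would have given an earlier chance to intervene.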