An example of the Cyber Kill Chain is the 2013 Target data breach, which followed the typical stages of the kill chain:
- Reconnaissance: Attackers identified vulnerabilities in Target’s third-party HVAC vendor.
- Weaponization: They created malware designed to exploit these vulnerabilities.
- Delivery: The malware was delivered via phishing emails to vendor employees.
- Exploitation: Using legitimate vendor credentials, attackers penetrated Target’s network.
- Installation: Memory-scraping malware was installed on point-of-sale machines.
- Command and Control: The malware communicated with attackers’ servers to exfiltrate data.
- Actions on Objectives: Attackers stole 70 million customer records and 40 million credit card numbers
Another well-known example is the WannaCry ransomware attack, which exploited the "EternalBlue" vulnerability:
- Reconnaissance involved finding systems lacking SMB patches.
- Delivery was via self-replicating worms spreading the ransomware.
- Exploitation involved encrypting files and demanding ransom.
- Installation and command and control phases enabled persistence and communication with attackers.
- Actions on objectives were the encryption of victim files and ransom demands
These examples illustrate how attackers progress through the Cyber Kill Chain stages to achieve their goals, emphasizing the importance of disrupting the chain early to prevent successful attacks.
