Understanding the seven phases of a cyber attack

The seven phases of a cyber attack are commonly referred to as the Cyber Kill Chain, a model developed by Lockheed Martin that breaks an intrusion into the sequence of steps an adversary must complete to compromise a target. The model's central point is that each phase depends on the one before it: if defenders detect or block the attacker at any single phase, the chain is broken and the later phases never happen. The phases are:

1. Reconnaissance

  • Objective: Gather information about the target.
  • Description: The attacker studies the potential victim, enumerating IP ranges, open ports, public-facing technologies and their versions, email address formats, and employees' social media profiles to find a way in.
  • Indicators: Port and vulnerability scans against internet-facing hosts, unusual crawling of public web content, and pretext emails or phone calls aimed at staff.

2. Weaponization

  • Objective: Build the malicious payload (the weapon).
  • Description: The attacker pairs a payload such as a remote-access trojan with an exploit and packages them into a deliverable form, for example a malicious document or a trojanized installer.
  • Indicators: Usually none visible to the victim, because this phase happens entirely in the attacker's environment. Threat intelligence and analysis of malware samples from earlier campaigns are the main ways to learn about an adversary's tooling before it is used.

3. Delivery

  • Objective: Transmit the malicious payload to the victim.
  • Description: The attacker gets the weapon to the target, typically via phishing emails with attachments or links, compromised or look-alike websites, or removable media.
  • Indicators: Email gateway and web proxy logs showing phishing messages, attachments carrying macros or executables, and visits to newly registered or otherwise suspicious domains.

4. Exploitation

  • Objective: Exploit a vulnerability to gain code execution.
  • Description: The payload runs on the target, either by exploiting a software or hardware vulnerability or by inducing a user to execute it, for example by enabling macros or running a downloaded file.
  • Indicators: Crashes of the targeted application, an office application or browser spawning a shell or script interpreter, and unexpected process creation in endpoint telemetry.

5. Installation

  • Objective: Install persistent malware on the victim's system.
  • Description: The attacker installs a backdoor or other implant so that access survives reboots and credential changes, and uses that foothold to escalate privileges and move within the network.
  • Indicators: New services, scheduled tasks or autorun registry entries, unexpected binaries in user-writable directories, and changes to security settings such as disabled logging or antivirus exclusions.

6. Command and Control (C2)

  • Objective: Establish communication between the infected system and the attacker's infrastructure.
  • Description: The implant opens a command-and-control channel, usually disguised as ordinary web or DNS traffic, through which the attacker issues commands and retrieves results.
  • Indicators: Periodic (beaconing) connections from one host to the same external address, traffic to newly registered or low-reputation domains, and DNS or HTTPS traffic with unusual volume or timing.

7. Actions on Objectives

  • Objective: Achieve the attacker's goal, such as data theft, destruction, or control of systems.
  • Description: With hands-on-keyboard access, the attacker carries out the intent behind the intrusion: collecting and exfiltrating sensitive data, deleting or encrypting information, disrupting services, or extorting the victim.
  • Indicators: Large outbound transfers to unfamiliar destinations, access to file shares or databases outside a user's normal pattern, mass deletion or encryption of files, ransom notes, and service outages.

By recognising and detecting the signs of an attack at each of these phases, organizations can defend themselves earlier and limit the damage. Controls such as intrusion detection systems (IDS), firewalls, endpoint monitoring, and employee awareness training each disrupt one or more phases; because the attacker has to complete every phase in order, a single detection anywhere in the chain can stop the intrusion before it reaches its final objective, and the earlier that happens, the less there is to clean up.
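The indicators listed for the Reconnaissance, Command and Control, and Actions on Objectives phases can be turned directly into detection logic. The script below is an added example, not code from the original article: it runs three simple detectors over a constructed connection log and labels each finding with its kill-chain phase. The log format (timestamp,src,dst,dport,bytes_out), the 10.0.0.0/8 internal range, every address in the sample, and the thresholds are all assumptions made for illustration and would need tuning against a real baseline.

```python
"""Kill-chain indicator detection over flow logs.

Added example, not code from the original article. The log format
(timestamp,src,dst,dport,bytes_out), the addresses and the thresholds
are assumptions for illustration; tune them against your own baseline.
"""
import ipaddress
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Assumed internal address space; anything outside it is treated as external.
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]


def is_internal(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)


def parse_log(text):
    """Parse 'timestamp,src,dst,dport,bytes_out' lines into dicts."""
    events = []
    for line in text.strip().splitlines():
        ts, src, dst, dport, nbytes = line.split(",")
        events.append({"ts": datetime.fromisoformat(ts), "src": src,
                       "dst": dst, "dport": int(dport), "bytes": int(nbytes)})
    return events


def detect_port_scan(events, min_ports=20, window_s=60):
    """Reconnaissance indicator: one source touching many distinct
    destination ports within a short window. Returns {src: port_count}."""
    by_src = defaultdict(list)
    for e in events:
        by_src[e["src"]].append(e)
    hits = {}
    for src, evs in by_src.items():
        evs.sort(key=lambda e: e["ts"])
        start = 0
        for end in range(len(evs)):  # sliding window over time-sorted events
            while (evs[end]["ts"] - evs[start]["ts"]).total_seconds() > window_s:
                start += 1
            ports = {e["dport"] for e in evs[start:end + 1]}
            if len(ports) >= min_ports:
                hits[src] = max(hits.get(src, 0), len(ports))
    return hits


def detect_beaconing(events, min_conns=5, max_cv=0.1):
    """C2 indicator: repeated connections from one internal host to one
    external host at near-constant intervals. The coefficient of variation
    (stdev / mean) of the gaps is near zero for a timer-driven implant and
    high for human browsing. Returns {(src, dst): mean_gap_seconds}."""
    pairs = defaultdict(list)
    for e in events:
        if is_internal(e["src"]) and not is_internal(e["dst"]):
            pairs[(e["src"], e["dst"])].append(e["ts"])
    hits = {}
    for pair, times in pairs.items():
        if len(times) < min_conns:
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        m = mean(gaps)
        if m > 0 and pstdev(gaps) / m <= max_cv:
            hits[pair] = m
    return hits


def detect_exfiltration(events, max_bytes=50_000_000):
    """Actions-on-objectives indicator: unusually large outbound volume from
    one internal host to one external destination. Returns {(src, dst): bytes}."""
    totals = defaultdict(int)
    for e in events:
        if is_internal(e["src"]) and not is_internal(e["dst"]):
            totals[(e["src"], e["dst"])] += e["bytes"]
    return {pair: b for pair, b in totals.items() if b >= max_bytes}


def triage(log_text):
    """Run every detector and label the findings with the kill-chain phase."""
    events = parse_log(log_text)
    return {
        "Reconnaissance": detect_port_scan(events),
        "Command and Control": detect_beaconing(events),
        "Actions on Objectives": detect_exfiltration(events),
    }


# Constructed sample log (not real traffic): 10.0.0.5 sweeps 25 ports on
# 10.0.0.20; 10.0.0.8 browses 203.0.113.50 at irregular times, beacons to
# 203.0.113.7 every 60 s, then pushes 90 MB to 198.51.100.20.
SAMPLE_LOG = "\n".join(
    [f"2024-05-01T10:00:{i:02d},10.0.0.5,10.0.0.20,{20 + i},100" for i in range(25)]
    + [f"2024-05-01T10:{m:02d}:00,10.0.0.8,203.0.113.7,443,512" for m in range(5, 11)]
    + ["2024-05-01T10:01:03,10.0.0.8,203.0.113.50,443,2000",
       "2024-05-01T10:01:09,10.0.0.8,203.0.113.50,443,2000",
       "2024-05-01T10:02:40,10.0.0.8,203.0.113.50,443,2000",
       "2024-05-01T10:04:15,10.0.0.8,203.0.113.50,443,2000",
       "2024-05-01T10:07:02,10.0.0.8,203.0.113.50,443,2000",
       "2024-05-01T10:12:00,10.0.0.8,198.51.100.20,443,30000000",
       "2024-05-01T10:12:30,10.0.0.8,198.51.100.20,443,30000000",
       "2024-05-01T10:13:00,10.0.0.8,198.51.100.20,443,30000000"]
)

if __name__ == "__main__":
    for phase, findings in triage(SAMPLE_LOG).items():
        print(f"{phase}: {findings}")
```

The three detectors deliberately key on different properties of the traffic: the scan on the number of distinct ports in a time window, the beacon on the regularity of inter-arrival times rather than on any destination list, and the exfiltration on aggregate volume per destination. Regular browsing to 203.0.113.50 in the sample is not flagged because its gaps vary widely, which is the distinction that keeps a beaconing rule from alerting on every busy web server.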
