What Is Meta's Cyber Kill Chain?
The Cyber Kill Chain, devised by Lockheed Martin, is a framework for describing the stages of a cyberattack so that defenders can break it. With Web 3.0 on the horizon, security leaders at Meta have introduced a new kill chain model.
As technology evolves, so do threat actors. Today's cyberattacks are far more sophisticated than the intrusions that led Lockheed Martin to publish the first Cyber Kill Chain in 2011, and that calls for new ways to identify attacks in progress.
Security leaders have criticized the Cyber Kill Chain for saying little about cloud and distributed environments. It focuses mainly on perimeter defense, which has become a secondary concern for organizations moving to cloud-based services, deploying IoT devices, and supporting connected workers around the globe. It also does not account for the attack vectors and attack types that have become more prominent with SD-WAN deployments. Cybersecurity matters more with each of these changes, yet the original Cyber Kill Chain says nothing about endpoint security for devices and users that are not on-prem.
One of the creators of the original Cyber Kill Chain recently introduced a new approach to cybersecurity at this year's Cyberwarcon event. Cyberwarcon is a conference focused on cyberattacks, threat actors, and their influence on society. It is a meeting of the minds on how to better identify and explore threats, spread awareness of cyberattack activity, and help organizations reduce their attack surface and eliminate threats.
Online Operations Kill Chain
Eric Hutchins, now a security engineer and investigator at Meta, together with his colleague Ben Nimmo, Meta's global lead for threat intelligence, presented a new kill chain model at the conference to address the evolving needs of organizations facing more sophisticated and better-resourced threat actors.
Today's remote workers and cloud-based organizations have different needs than on-prem deployments. They need guidance on questions such as how to tell whether a phone has been hacked, how to keep credentials away from prying threat actors, and how to tell whether a website is legitimate.
The new model had to apply to many different kinds of operations. Threat actors are turning to in-browser attacks to take over accounts, as in the Ghostwriter campaign, which hijacked accounts in Eastern European countries to spread disinformation about allied military deployments. While an operation of that scale is one most organizations will never face, it represents a shift in the goals, vectors, and techniques attackers use to infiltrate online organizations and cause chaos.
The Online Operations Kill Chain was designed to bridge those gaps with a model that can be applied broadly, across many types of operation.
10 Steps of the Online Operations Kill Chain
1. Acquire Assets
2. Disguise Assets
3. Gather Information
4. Coordinate and Plan
5. Test Defenses
6. Evade Detection
7. Engage Indiscriminately
8. Target Engagements
9. Compromise Assets
10. Enable Persistence
The creators of the Online Operations Kill Chain stress that this model is modular: the order of the phases may vary from one threat to the next. While many operations will look alike as ransomware gangs and hacker groups reuse their playbooks, more sophisticated operations may differ just enough to throw analysts off track.
The Online Operations Kill Chain is meant to identify the phases commonly seen in the new era of distributed networks and software-defined perimeters. It gives defenders a framework for measuring how early in the chain they are able to act, and for stopping an operation before anything is compromised.
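To make that measurement concrete, here is an added example (written for this article, not code from Meta or Lockheed Martin). It models a few operations as ordered sequences of the ten phases listed above, lets the order deviate from the canonical one as the modular model allows, and scores a defender's detection coverage by whether it catches each operation before an engagement or compromise phase has run. The three operations, their evidence strings, and the coverage sets are all constructed for illustration.

```python
"""Score detection coverage against operations described with the ten phases
listed above.  Example code added to this article, not Meta's or Lockheed
Martin's; every operation, evidence string and coverage set is constructed."""
from dataclasses import dataclass
from typing import List, Optional, Set

# The ten phases, in the canonical order of the list above.
PHASES = (
    "Acquire Assets", "Disguise Assets", "Gather Information",
    "Coordinate and Plan", "Test Defenses", "Evade Detection",
    "Engage Indiscriminately", "Target Engagements",
    "Compromise Assets", "Enable Persistence",
)
# From phase 7 onward the actor is in contact with real users or targets;
# a detection that fires only after one of these has run is a late one.
IMPACT_PHASES: Set[str] = set(PHASES[6:])


@dataclass(frozen=True)
class Step:
    phase: str     # one of PHASES
    evidence: str  # what a defender could have observed (constructed text)


@dataclass
class Operation:
    name: str
    steps: List[Step]  # in the order the actor actually ran them; the model is
                       # modular, so this need not follow the order of PHASES

    def __post_init__(self) -> None:
        unknown = [s.phase for s in self.steps if s.phase not in PHASES]
        if unknown:
            raise ValueError(f"{self.name}: unknown phase(s) {unknown}")


def first_detection(op: Operation, coverage: Set[str]) -> Optional[int]:
    """Index of the first step whose phase the defender's detections cover."""
    return next((i for i, s in enumerate(op.steps) if s.phase in coverage), None)


def assess(op: Operation, coverage: Set[str]) -> dict:
    """Where the operation is caught, whether an impact phase had already run
    by then, and how many later steps are pre-empted by stopping it there."""
    i = first_detection(op, coverage)
    executed = op.steps if i is None else op.steps[: i + 1]  # the detected step ran too
    return {
        "detected_at": None if i is None else op.steps[i].phase,
        "impact_reached": any(s.phase in IMPACT_PHASES for s in executed),
        "steps_prevented": 0 if i is None else len(op.steps) - (i + 1),
    }


def coverage_score(ops: List[Operation], coverage: Set[str]) -> float:
    """Fraction of operations stopped before any impact phase executed."""
    if not ops:
        return 0.0
    results = [assess(op, coverage) for op in ops]
    early = sum(1 for r in results if r["detected_at"] is not None and not r["impact_reached"])
    return early / len(ops)


# Three constructed operations.  Only the first follows the canonical order.
OPS: List[Operation] = [
    Operation("textbook", [
        Step("Acquire Assets", "bulk account registration from one hosting ASN"),
        Step("Disguise Assets", "stock-photo avatars and copied bios"),
        Step("Gather Information", "scraping of a target community's member list"),
        Step("Coordinate and Plan", "shared posting schedule in a group chat"),
        Step("Test Defenses", "a few borderline posts to probe enforcement"),
        Step("Evade Detection", "posting cadence randomised after a removal"),
        Step("Engage Indiscriminately", "mass link posting into public groups"),
        Step("Target Engagements", "direct messages to journalists"),
        Step("Compromise Assets", "credential phishing of high-value accounts"),
        Step("Enable Persistence", "backup accounts from the same infrastructure"),
    ]),
    Operation("spray-first", [  # engages before it probes or disguises
        Step("Acquire Assets", "purchased aged accounts"),
        Step("Engage Indiscriminately", "immediate link spam"),
        Step("Test Defenses", "checks which spam variants survived"),
        Step("Disguise Assets", "surviving accounts get curated profiles"),
        Step("Target Engagements", "replies to specific influencers"),
        Step("Compromise Assets", "malware links to selected targets"),
    ]),
    Operation("spear", [  # targeted from the start, never spams
        Step("Gather Information", "open-source research on a few staff"),
        Step("Acquire Assets", "lookalike domain registered"),
        Step("Coordinate and Plan", "pretext built around a real conference"),
        Step("Target Engagements", "personalised messages to three staff"),
        Step("Compromise Assets", "session token stolen via a fake login page"),
        Step("Enable Persistence", "mail-forwarding rule added to the mailbox"),
    ]),
]

# Constructed coverage sets: the phases a defender's detections fire on.
LATE_COVERAGE = {"Compromise Assets"}  # alerts only once an account is taken over
EARLY_COVERAGE = {"Acquire Assets", "Disguise Assets", "Test Defenses"}
PROBE_COVERAGE = {"Test Defenses", "Target Engagements"}

if __name__ == "__main__":
    for label, cov in [("late", LATE_COVERAGE), ("early", EARLY_COVERAGE), ("probe", PROBE_COVERAGE)]:
        print(f"{label:5s}: {coverage_score(OPS, cov):.2f} of operations stopped before impact")
        for op in OPS:
            print("   ", op.name, assess(op, cov))
```

Running it shows the point the modular model makes: the same "Test Defenses" detection catches the textbook operation with five steps still to go, but in the "spray-first" operation that phase comes after the indiscriminate engagement, so the detection fires after users have already been reached. Detection keyed only to compromise stops nothing in time; detection keyed to asset acquisition and disguise stops all three before impact.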
Meta’s Cyber Kill Chain vs. Lockheed Martin's Cyber Kill Chain