Building Effective Defense with the Phishing Kill Chain

What is the Phishing Kill Chain?

Many people have heard of the cyber kill chain, but what about the phishing kill chain? Like the cyber kill chain, this model of phishing attacks can be used to help identify and stop phishing attempts. The phishing kill chain flows as follows:

  1. Targeting. The potential phisher determines their next target and creates the phishing email and email list
  2. Delivery. The phishing email attempt is sent to the person or persons on the email list
  3. Deception. The phishing email uses deceptive information within the email to trick the user
  4. Click. The victim clicks on the malicious link(s) in the email
  5. Surrender. The victim inputs data, normally some personal data, into the malicious site
  6. Extraction. The malicious site sends the information to the attacker
  7. Action. The attacker uses the stolen information to commit cybercrime

Using the Phishing Kill Chain

Using the phishing kill chain to design defensive techniques is an effective way to help prevent successful phishing attempts. The human is often the weakest link in protecting computer systems, and implementing extra defenses offsets the potential damage caused when an unsuspecting user clicks a malicious link.

The first two steps in the kill chain can be very important in choosing defense mechanisms for your organization. Understanding who would target your organization helps you better understand the delivery capabilities of your potential attacker(s).

Take, for example, the Department of Defense. Any branch of the military could safely assume that any of their networks are a desired target for foreign entities. These potential bad actors could be funded by governments, meaning they would have the ability to finance sophisticated tools and continuous phishing attempts. Knowing this would encourage the owners of military systems to invest in strong defense mechanisms. By comparison, a smaller firm with (Read more...)

*** This is a Security Bloggers Network syndicated blog from InfoSec Resources authored by Tyra Appleby. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/40f90SDktxg/