# Cyber Threat Life Cycle (Stages)

## The Life Cycles of Cyber Threats

> [The Life Cycles of Cyber Threats](https://www.tandfonline.com/doi/full/10.1080/00396338.2016.1142093?casa_token=yWLINFgVMDoAAAAA:WPLlvPGeYzPMo_G1Tp9aIOyRtALZ3NXqxEsZHi6d3zmMulZyZVzIJaBgY6GRPQS4vKU_PeYBKnvM3w)

* 4 stages
    * discovery and development - discovering a vulnerability
    * introduction - an exploit can begin to be used against operational systems
    * growth - malicious actors will know that the exploit can be effectively used against a set of targets
    * maturation - fixes are developed to address the problem

## Cyber Kill Chain

> [The Cyber Kill Chain](https://www.lockheedmartin.com/en-us/capabilities/cyber/cyber-kill-chain.html)

> [How Hackers Breach Defences: the Stages of a Cyber Attack](https://cyberone.security/how-hackers-breach-defences-the-stages-of-a-cyber-attack/)

> [Yadav, T., Rao, A.M. (2015). Technical Aspects of Cyber Kill Chain. In: Abawajy, J., Mukherjea, S., Thampi, S., Ruiz-Martínez, A. (eds) Security in Computing and Communications. SSCC 2015. Communications in Computer and Information Science, vol 536. Springer, Cham. https://doi.org/10.1007/978-3-319-22915-7_40](https://link.springer.com/chapter/10.1007/978-3-319-22915-7_40)

* 7 stages
    * Reconnaissance - Understanding the target, e.g., harvesting email addresses for a phishing campaign.
    * Weaponisation - Turning an attack vector (e.g., an exploit) into a deliverable payload.
    * Delivery - Delivering the payload to the target (e.g., via a phishing email).
    * Exploitation - Exploiting a vulnerability to run code on the target system.
    * Installation - Installing the payload (e.g., ransomware) on the target system.
    * Command and Control (C2) - Communication between the infected system and infrastructure owned by the attacker (e.g., to allow the attacker to control an infected machine remotely).
    * Action on Objectives - Completing the attacker’s ultimate goal (e.g., stealing sensitive information or extorting the target organisation).

## UK National Cyber Security Centre (NCSC)'s simplified version of the Kill Chain

> [How cyber attacks work (NCSC)](https://www.ncsc.gov.uk/information/how-cyber-attacks-work)

* 4 stages
    * Survey - investigating and analysing available information about the target in order to identify potential vulnerabilities
    * Delivery - getting to the point in a system where a vulnerability can be exploited
    * Breach - exploiting the vulnerability/vulnerabilities to gain some form of unauthorised access
    * Affect - carrying out activities within a system that achieve the attacker’s goal

## The 10 stages in "Cyber attack modeling and simulation for network security analysis"

> [M. E. Kuhl, M. Sudit, J. Kistner and K. Costantini, "Cyber attack modeling and simulation for network security analysis," 2007 Winter Simulation Conference, Washington, DC, USA, 2007, pp. 1180-1188, doi: 10.1109/WSC.2007.4419720.](https://dl.acm.org/doi/abs/10.5555/1351542.1351749)

* ACM/IEEE Conference Paper (WSC'07)
* 10 stages
    * Recon. Footprinting
    * Intrusion User
    * Escalation Service
    * Intrusion Root
    * Goal Denial of Service
    * Recon. Enumeration
    * Intrusion User
    * Escalation Service
    * Intrusion Root
    * Goal Pilfering

![](https://hackmd.io/_uploads/ByGYDYvE2.gif)