High Value Target view by Kill Chain phases
To prevent an extreme cyber incident at a strategic level, organizations need to adopt High Value Target specific comprehensive security measures across all stages of the cyber kill chain to stay ahead of potential extreme but plausible attacks and maintain a resilient posture.
Our view of the three Unified Kill Chain phases is centered around the asset's attributes that the adversaries seek to leverage to advance their mission.
Pre-compromise
In this phase, the attacker conducts extensive research to identify potential High Value Targets that allow them to understand the organization's infrastructure and systems that could be abused to maximize an organization-wide, extreme but plausible cyber-attack. As the objective is to prepare a well-informed attack strategy, the attributes of assets being sought after by the adversary serves the purposes of reconnaissance, discovery and even defense evasion.
Compromise
Once the adversary has identified potential High Value Target chokepoints, they move on to the compromise phase. In this stage, the focus shifts towards exploiting configuration weaknesses or vulnerabilities and gaining unauthorized access to the target organization's systems that can maximize the attacker ROI. The most wanted attributes during this phase include those that allow exploitation, malicious code deployment or lateral movement and escalation of privilege.
Post-compromise
In this final phase, the attacker aims to achieve their strategic objectives, which could include data exfiltration and system destruction or abuse. Adversaries seek to accomplish their overall mission, which should be expected to be severe and leading to long-term reputational damage. The attributes of assets that allow to multiply the attacker’s benefits in this phase are those related to stealing sensitive data, persistence and tampering on global scale.