Jump to content

Cyber Kill Chain: Difference between revisions

From ICANNWiki
Jessica (talk | contribs)
Created page with "'''Cyber Kill Chain''' is a series of steps for tracing the stages of a cyberattack. The Steps include: # Reconnaissance: Attackers assess the situation to identify targets a..."
 
Jessica (talk | contribs)
 
(2 intermediate revisions by the same user not shown)
Line 1: Line 1:
'''Cyber Kill Chain''' is a series of steps for tracing the stages of a cyberattack. The Steps include:  
The '''Cyber Kill Chain''' is a series of steps for tracing the stages of a cyberattack.<ref>[https://www.lockheedmartin.com/en-us/capabilities/cyber/cyber-kill-chain.html Cyber Kill Chain, Lockheed Martin]</ref> The steps include:  
# Reconnaissance: Attackers assess the situation to identify targets and tactics.
# Reconnaissance: Attackers assess the situation to identify targets and tactics.
# Intrusion: with [[malware]] or security vulnerabilities.
# Intrusion: with [[malware]] or security vulnerabilities.
# Exploitation: of vulnerabilities to deliver malicious code into the system.
# Exploitation: of vulnerabilities to deliver malicious code into the system.
# Privilege Escalation: Attackers escalate their privileges to the level of Admin to gain access to data and permissions.
# Privilege Escalation: Attackers escalate their privileges to the level of Admin to gain access to data and permissions.
# Lateral Movement: Attackers move laterally to other systems and accounts, gaining leverage, higher
# Lateral Movement: Attackers move laterally to other systems and accounts, gaining leverage, higher permissions and more data and access.
permissions and more data and access.
# Obfuscation/Anti-forensics: Attackers cover their tracks with false trails, compromise data, and clear logs to confuse forensics teams.
# Obfuscation/Anti-forensics: Attackers cover their tracks with false trails, compromise data, and clear logs to confuse forensics teams.
# Denial of Service: Attackers disrupt access for users and systems to evade monitoring, tracking, or being blocked.
# Denial of Service: Attackers disrupt access for users and systems to evade monitoring, tracking, or being blocked.
Line 11: Line 10:


==History==
==History==
In 2011, Lockheed Martin released a paper defining a Cyber Kill Chain that was similar in concept to the U.S. military’s model.<ref>[https://www.sans.org/blog/applying-security-awareness-to-the-cyber-kill-chain/ Applying Security Awareness to the Kill Chain, Sans blog]</ref> Since then, organizations and companies have released various versions, including AT&T's "Internal Cyber Kill Chain Model"<ref>[https://cybersecurity.att.com/blogs/security-essentials/the-internal-cyber-kill-chain-model Security Essentials, Cybersecurity blog, AT&T]</ref> and Paul Pols' "Unified Kill Chain."<ref>[https://unifiedkillchain.com/ Unified Kill Chain]</ref> 


==References==
==References==
[[Category:DNS Abuse Responses]]

Latest revision as of 13:49, 1 November 2021

The Cyber Kill Chain is a series of steps for tracing the stages of a cyberattack.[1] The steps include:

  1. Reconnaissance: Attackers assess the situation to identify targets and tactics.
  2. Intrusion: with malware or security vulnerabilities.
  3. Exploitation: of vulnerabilities to deliver malicious code into the system.
  4. Privilege Escalation: Attackers escalate their privileges to the level of Admin to gain access to data and permissions.
  5. Lateral Movement: Attackers move laterally to other systems and accounts, gaining leverage, higher permissions and more data and access.
  6. Obfuscation/Anti-forensics: Attackers cover their tracks with false trails, compromise data, and clear logs to confuse forensics teams.
  7. Denial of Service: Attackers disrupt access for users and systems to evade monitoring, tracking, or being blocked.
  8. Exfiltration: Attackers extract data from the compromised system.[2]

History

In 2011, Lockheed Martin released a paper defining a Cyber Kill Chain that was similar in concept to the U.S. military’s model.[3] Since then, organizations and companies have released various versions, including AT&T's "Internal Cyber Kill Chain Model"[4] and Paul Pols' "Unified Kill Chain."[5]

References