
Cyber Kill Chain: Difference between revisions

From ICANNWiki
Jessica (talk | contribs)
Created page with "'''Cyber Kill Chain''' is a series of steps for tracing the stages of a cyberattack. The Steps include: # Reconnaissance: Attackers assess the situation to identify targets a..."
 
Jessica (talk | contribs)
No edit summary
Line 1: Line 1:
'''Cyber Kill Chain''' is a series of steps for tracing the stages of a cyberattack. The Steps include:  
The '''Cyber Kill Chain''' is a series of steps for tracing the stages of a cyberattack.<ref>[https://www.lockheedmartin.com/en-us/capabilities/cyber/cyber-kill-chain.html Cyber Kill Chain, Lockheed Martin]</ref> The steps include:  
# Reconnaissance: Attackers assess the situation to identify targets and tactics.
# Reconnaissance: Attackers assess the situation to identify targets and tactics.
# Intrusion: with [[malware]] or security vulnerabilities.
# Intrusion: with [[malware]] or security vulnerabilities.

Revision as of 19:10, 4 August 2021

The Cyber Kill Chain is a series of steps for tracing the stages of a cyberattack.[1] The steps include:

  1. Reconnaissance: Attackers assess the situation to identify targets and tactics.
  2. Intrusion: Attackers gain entry using malware or security vulnerabilities.
  3. Exploitation: Attackers exploit vulnerabilities to deliver malicious code into the system.
  4. Privilege Escalation: Attackers escalate their privileges to the level of Admin to gain access to data and permissions.
  5. Lateral Movement: Attackers move laterally to other systems and accounts, gaining leverage, higher permissions and more data and access.
  6. Obfuscation/Anti-forensics: Attackers cover their tracks with false trails, compromise data, and clear logs to confuse forensics teams.
  7. Denial of Service: Attackers disrupt access for users and systems to evade monitoring, tracking, or being blocked.
  8. Exfiltration: Attackers extract data from the compromised system.[2]

History

References