Cyber Kill Chain
Appearance
The Cyber Kill Chain is a series of steps for tracing the stages of a cyberattack.[1] The steps include:
- Reconnaissance: Attackers assess the situation to identify targets and tactics.
- Intrusion: with malware or security vulnerabilities.
- Exploitation: of vulnerabilities to deliver malicious code into the system.
- Privilege Escalation: Attackers escalate their privileges to the level of Admin to gain access to data and permissions.
- Lateral Movement: Attackers move laterally to other systems and accounts, gaining leverage, higher
permissions and more data and access.
- Obfuscation/Anti-forensics: Attackers cover their tracks with false trails, compromise data, and clear logs to confuse forensics teams.
- Denial of Service: Attackers disrupt access for users and systems to evade monitoring, tracking, or being blocked.
- Exfiltration: Attackers extract data from the compromised system.[2]