Difference between revisions of "Cyber Kill Chain"
Jump to navigation
Jump to search
| Line 4: | Line 4: | ||
# Exploitation: of vulnerabilities to deliver malicious code into the system. | # Exploitation: of vulnerabilities to deliver malicious code into the system. | ||
# Privilege Escalation: Attackers escalate their privileges to the level of Admin to gain access to data and permissions. | # Privilege Escalation: Attackers escalate their privileges to the level of Admin to gain access to data and permissions. | ||
| − | # Lateral Movement: Attackers move laterally to other systems and accounts, gaining leverage, higher | + | # Lateral Movement: Attackers move laterally to other systems and accounts, gaining leverage, higher permissions and more data and access. |
| − | permissions and more data and access. | ||
# Obfuscation/Anti-forensics: Attackers cover their tracks with false trails, compromise data, and clear logs to confuse forensics teams. | # Obfuscation/Anti-forensics: Attackers cover their tracks with false trails, compromise data, and clear logs to confuse forensics teams. | ||
# Denial of Service: Attackers disrupt access for users and systems to evade monitoring, tracking, or being blocked. | # Denial of Service: Attackers disrupt access for users and systems to evade monitoring, tracking, or being blocked. | ||
| Line 11: | Line 10: | ||
==History== | ==History== | ||
| + | In 2011, Lockheed Martin released a paper defining a Cyber Kill Chain that was similar in concept to the U.S. military’s model.<ref>[https://www.sans.org/blog/applying-security-awareness-to-the-cyber-kill-chain/ Applying Security Awareness to the Kill Chain, Sans blog]</ref> Since then, organizations and companies have released various versions, including AT&T's "Internal Cyber Kill Chain Model"<ref>[https://cybersecurity.att.com/blogs/security-essentials/the-internal-cyber-kill-chain-model Security Essentials, Cybersecurity blog, AT&T]</ref> and Paul Pols' "Unified Kill Chain."<ref>[https://unifiedkillchain.com/ Unified Kill Chain]</ref> | ||
==References== | ==References== | ||
Revision as of 19:20, 4 August 2021
The Cyber Kill Chain is a series of steps for tracing the stages of a cyberattack.[1] The steps include:
- Reconnaissance: Attackers assess the situation to identify targets and tactics.
- Intrusion: with malware or security vulnerabilities.
- Exploitation: of vulnerabilities to deliver malicious code into the system.
- Privilege Escalation: Attackers escalate their privileges to the level of Admin to gain access to data and permissions.
- Lateral Movement: Attackers move laterally to other systems and accounts, gaining leverage, higher permissions and more data and access.
- Obfuscation/Anti-forensics: Attackers cover their tracks with false trails, compromise data, and clear logs to confuse forensics teams.
- Denial of Service: Attackers disrupt access for users and systems to evade monitoring, tracking, or being blocked.
- Exfiltration: Attackers extract data from the compromised system.[2]
History
In 2011, Lockheed Martin released a paper defining a Cyber Kill Chain that was similar in concept to the U.S. military’s model.[3] Since then, organizations and companies have released various versions, including AT&T's "Internal Cyber Kill Chain Model"[4] and Paul Pols' "Unified Kill Chain."[5]