Cyber Kill Chain

From ICANNWiki
Revision as of 19:10, 4 August 2021 by Jessica (talk | contribs)
Jump to navigation Jump to search

The Cyber Kill Chain is a series of steps for tracing the stages of a cyberattack.[1] The steps include:

  1. Reconnaissance: Attackers assess the situation to identify targets and tactics.
  2. Intrusion: with malware or security vulnerabilities.
  3. Exploitation: of vulnerabilities to deliver malicious code into the system.
  4. Privilege Escalation: Attackers escalate their privileges to the level of Admin to gain access to data and permissions.
  5. Lateral Movement: Attackers move laterally to other systems and accounts, gaining leverage, higher

permissions and more data and access.

  1. Obfuscation/Anti-forensics: Attackers cover their tracks with false trails, compromise data, and clear logs to confuse forensics teams.
  2. Denial of Service: Attackers disrupt access for users and systems to evade monitoring, tracking, or being blocked.
  3. Exfiltration: Attackers extract data from the compromised system.[2]

History

References

  1. Cyber Kill Chain, Lockheed Martin
  2. 2021 RTF Report Glossary, pg. 74
Retrieved from "https://icannwiki.org/index.php?title=Cyber_Kill_Chain&oldid=1330574"