Understanding the graphic

Computer scientists at Lockheed-Martin corporation described in 2011 the usage of a new "intrusion kill chain" framework or model to defend computer networks.^[1] They wrote that attacks may occur in stages and can be disrupted through controls established at each stage. The kill chain can also be used as a management tool to help continuously improve network defense. Threats must progress through seven stages in the model:

• Reconnaissance: Intruder selects target, researches it, and attempts to identify vulnerabilities in the target network.
• Weaponization: Intruder creates remote access malware weapon, such as a virus or worm, tailored to one or more vulnerabilities.
• Delivery: Intruder transmits weapon to target (e.g., via e-mail attachments, websites or USB drives)
• Exploitation: Malware weapon's program code triggers, which takes action on target network to exploit vulnerability.
• Installation: Malware weapon installs access point (e.g., "backdoor") usable by intruder.
• Command and Control: Malware enables intruder to have "hands on the keyboard" persistent access to target network.
• Actions on Objective: Intruder takes action to achieve their goals, such as data exfiltration, data destruction, or encryption for ransom.

A U.S. Senate investigation of the 2013 Target Corporation data breach included analysis based on the Lockheed-Martin kill chain framework. It identified several stages where controls did not prevent or detect progression of the attack.^[2]

References

ملخص

ترخيص

	هذا الملفُّ مِن عمل بحَّارٍ أو مُوظَّفٍ في بحريَّة الولايات المُتحدة الأمريكيَّة، أُنشِئ بصفته جُزءاً من واجبات هذا الشَّخص الرَّسميَّة. ولأنَّه عملٌ مِن إِنتاج الحكومة الاتحاديَّة للولايات المُتحدة الأمريكيَّة، فهو يقع في النِّطاق العامِّ.
	هذا الملفُّ مَلحُوظُ بصفته غيرَ مُقيَّدٍ بحقوق التَّأليف والنشر، وهذا يشمل أيضاً الحقوق المُجاوِرة أَو ذات الصلة جميعُها.

https://creativecommons.org/publicdomain/mark/1.0/PDMCreative Commons Public Domain Mark 1.0falsefalse