Understanding the graphic

Computer scientists at Lockheed-Martin corporation described in 2011 the usage of a new "intrusion kill chain" framework or model to defend computer networks.^[1] They wrote that attacks may occur in stages and can be disrupted through controls established at each stage. The kill chain can also be used as a management tool to help continuously improve network defense. Threats must progress through seven stages in the model:

• Reconnaissance: Intruder selects target, researches it, and attempts to identify vulnerabilities in the target network.
• Weaponization: Intruder creates remote access malware weapon, such as a virus or worm, tailored to one or more vulnerabilities.
• Delivery: Intruder transmits weapon to target (e.g., via e-mail attachments, websites or USB drives)
• Exploitation: Malware weapon's program code triggers, which takes action on target network to exploit vulnerability.
• Installation: Malware weapon installs access point (e.g., "backdoor") usable by intruder.
• Command and Control: Malware enables intruder to have "hands on the keyboard" persistent access to target network.
• Actions on Objective: Intruder takes action to achieve their goals, such as data exfiltration, data destruction, or encryption for ransom.

A U.S. Senate investigation of the 2013 Target Corporation data breach included analysis based on the Lockheed-Martin kill chain framework. It identified several stages where controls did not prevent or detect progression of the attack.^[2]

References

خلاصه

اجازه‌نامه

	این پرونده اثر یک دریانورد یا کارمند نیروی دریایی ایالات متحده که طی انجام مأموریت‌های رسمی شخص گرفته شده‌است. به عنوان اثری از دولت فدرال ایالات متحده، نگاره در مالکیت عمومی قرار دارد.
	این پرونده تحت قانون حق تکثیر محدودیت آزاد منتشر شده که شامل تمامی حقوق مربوطه و حقوق نزدیک به آن می‌شود.

https://creativecommons.org/publicdomain/mark/1.0/PDMCreative Commons Public Domain Mark 1.0falsefalse