Understanding Attack Methods

Overview

While there are many different threats, threat actors, and scenarios, they typically follow a similar process. These have been summarized in the common cyber attack kill chain, and attack frameworks like MITRE ATT&CK.

Cyber Attack Process

There are 7 common steps in the Cyber Attack Process, first articulated by Lockheed Martin as the cyber attack kill chain:

1. Reconnaissance: The threat actor conducts research to find as much information as possible on the targets they want to attack, including vulnerabilities and weaknesses.
2. Weaponization: The threat actor creates or acquires the arsenal for attack, such as malware.
3. Delivery: The weapon is launched against the target and the operation begins.
4. Exploitation: The threat actor must take advantage of vulnerability to gain access.
5. Installation: The threat actor might install a backdoor or create ways to keep their access for the attack.
6. Command and control: The threat actor enables remote control and manipulation of the target.
7. Action on objectives: The threat actor accomplishes their mission and completes the attack goal.

Reference:
First articulated by Lockheed Martin as the “kill chain” now used across the industry as a standard (https://www.lockheedmartin.com/en-us/capabilities/cyber/cyber-kill-chain.html)

The MITRE ATT&CK Framework

ATT&CK refers to Adversarial Tactics, Techniques, and Common Knowledge. MITRE's attack framework is created to document common tactics, techniques, and procedures threats use against various enterprise systems. It outlines how attackers exploit vulnerabilities and weaknesses in systems to carry out attacks. As you work to find and fix vulnerabilities, this is a great resource to reference.

Take a moment to explore the framework here: https://attack.mitre.org