A security analyst is reviewing an after-action report for a recent security breach. The report details the attacker's activities as a linear sequence of events: information gathering on the target, creating a malicious payload, sending it via a phishing email, a user executing the payload, establishing persistence on the user's workstation, communicating with a C2 server, and finally exfiltrating sensitive data. Which attack methodology framework BEST describes this incident?
MITRE ATT&CK
Diamond Model of Intrusion Analysis
Open Source Security Testing Methodology Manual (OSSTMM)
The Cyber Kill Chain, developed by Lockheed Martin, is the most fitting framework as it models a cyberattack as a linear sequence of phases. The scenario describes these phases in order: information gathering (Reconnaissance), creating a payload (Weaponization), sending a phishing email (Delivery), user execution (Exploitation), establishing persistence (Installation), communicating with a C2 server (Command and Control), and data exfiltration (Actions on Objectives). While frameworks like MITRE ATT&CK describe specific techniques and the Diamond Model maps adversary attributes, the Cyber Kill Chain specifically focuses on this sequential progression of an attack.