Security analysts have detected anomalous activity on several endpoints that indicates malicious code has already begun executing. According to the Lockheed Martin Cyber Kill Chain framework, in which stage is the attack now, and what should be the primary focus of the response at this point?
Exploitation: contain and neutralize the compromise
Delivery: transmit the malicious payload to the network
Reconnaissance: gather intelligence on potential targets
Installation: deploy malware for long-term persistence
When malicious code executes on a target system, the attack has reached the Exploitation stage of the Cyber Kill Chain (the fourth of its seven stages: Reconnaissance, Weaponization, Delivery, Exploitation, Installation, Command and Control, Actions on Objectives). At this point defenders should concentrate on rapid containment and neutralization: isolating the affected hosts from the network, terminating the malicious process, blocking the delivery vector and any outbound connections the exploit attempts, and preventing the attacker from progressing to Installation or Command and Control. Reconnaissance precedes any code delivery; Delivery only transmits the payload to the target; and Installation occurs after successful exploitation, when malware is placed on the host to maintain persistence. A practical check during response: if persistence mechanisms (new services, scheduled tasks, run keys) are already present on a host, the intrusion has moved past Exploitation into Installation and the scope of containment must widen accordingly.