Cyber Kill Chain(網路狙殺鏈)是一個用於描述網路攻擊過程的模型。它由美國國防承包商洛克希德·馬丁(Lockheed Martin)開發,旨在幫助組織了解並防禦高級網路威脅。該模型將攻擊過程分解為攻擊者必須完成以實現其目標的一系列階段。
網絡殺傷鏈包括以下七個階段:
- 偵查:攻擊者收集有關目標組織的信息,例如潛在漏洞、網絡基礎設施和員工詳情。
- 武裝:攻擊者創建武器,例如含有惡意軟體的文件或網路釣魚郵件,用於利用確定的漏洞。
- 遞送:攻擊者將武器傳送到目標,通常通過電子信箱、惡意網站或物理設備(如 USB Driver)。
- 漏洞利用:攻擊者通過執行武器來利用目標的漏洞,這可能涉及運行惡意代碼或操縱用戶執行特定操作。
- 安裝:攻擊者通過安裝惡意軟體或其他惡意工具在目標系統上建立立足點,使他們能夠保持控制和訪問。
- 發令和控制(C2):攻擊者建立與被入侵系統的通信渠道,使他們能夠遠程控制並發出指令。
- 行動:攻擊者實現他們的目標,包括竊取敏感數據、中斷服務或破壞目標組織的基礎設施。
了解網路狙殺鏈可以幫助組織識別其安全態勢中的潛在弱點,並實施對策以在各個流程階段中斷或防止攻擊。
The Cyber Kill Chain is a model used to describe the stages of a cyber attack. It was developed by Lockheed Martin, a U.S. defense contractor, to help organizations understand and defend against advanced cyber threats. The model breaks down the attack process into a series of stages that an attacker must complete to achieve their goal.
The Cyber Kill Chain consists of the following seven stages:
- Reconnaissance: The attacker gathers information about the target organization, such as potential vulnerabilities, network infrastructure, and employee details.
- Weaponization: The attacker creates a weapon, such as a malware-laden file or a phishing email, which will be used to exploit the identified vulnerabilities.
- Delivery: The attacker delivers the weapon to the target, typically through email, malicious websites, or physical devices such as USB drives.
- Exploitation: The attacker exploits the target’s vulnerabilities by executing the weapon, which may involve running malicious code or manipulating a user to perform a specific action.
- Installation: The attacker establishes a foothold on the target system by installing malware or other malicious tools that enable them to maintain control and access.
- Command and Control (C2): The attacker sets up a communication channel with the compromised system, allowing them to control it remotely and issue commands.
- Actions: The attacker achieves their goal, including stealing sensitive data, disrupting services, or damaging the target organization’s infrastructure.
Understanding the Cyber Kill Chain can help organizations identify potential weaknesses in their security posture and implement countermeasures to disrupt or prevent attacks at various process stages.
資料來源: chatGPT 4
因資料由 chatGPT 產生,正確性有待驗證,僅供參考
