Scroll Top

The Mitre ATT&CK Framework and Kill Chain Explained

The Mitre ATT&CK Framework and Kill Chain Explained
1
By Jose Reyes Security Blog October 10, 2023

What is the Mitre ATT&CK Framework?

The Mitre ATT&CK Framework describes the techniques, tactics and procedures that hackers use to carry out cyberattacks. An important concept from the Mitre ATT&CK framework is the “Kill Chain,” which is a model that describes stages or phases that an attacker typically follows when conducting a cyberattack. This model helps organizations understand and defend against cyber threats by listing them as steps below.

Kill Chain model

There are seven steps and I included briefly what is “done” during each step. Note that although it is listed as a step-by-step model it is not linear. Attackers can move back and forth between stages.

  • Reconnaissance– Attackers gather information about the target. They might use social media, websites, or public databases to understand the target environment, employees, and their systems.
  • Weaponization– attackers create a malicious payload, like a virus or worm. They use tools and techniques to package the payload in a way that can exploit vulnerabilities in the target’s systems.
  • Delivery– Attackers send the weaponized bundle to the victim. This could be through phishing emails, malicious downloads, or other methods to ensure the target receives the malware.
  • Exploitation– The malicious code gets executed on the victim’s system. This could be by tricking a user to click on something or by exploiting a software vulnerability.
  • Installation– After exploitation, the malware installs itself to maintain persistence. This means it ensures it remains in the system even after reboots or attempts to remove it.
  • Command and Control (C2)– The malware establishes a backdoor to the attacker, allowing remote control over the infected system. This way, attackers can issue commands, extract data, or further spread inside the network.
  • Action on Objectives– This is the endgame. Having infiltrated the system, attackers now pursue their goals. This could be data theft, deploying ransomware, causing system disruption, or any other malicious intent.

While we can never fully eliminate cyber threats, however by understanding how attackers operate and the techniques they use, organizations can better prepare and defend against cyber-attacks. They can also better detect attacks and respond efficiently to mitigate risks, and impact of security incidents.

1
Jose Reyes / About Author
I am currently pursuing my Bachelor's degree in Cybersecurity and Information Assurance, driven by a passion for protecting digital assets and ensuring data integrity in our interconnected world. As an intern at Top Gallant Partners, I am gaining hands-on experience in cybersecurity practices, further enhancing my understanding of threat detection, risk assessment, and security management.
With coursework focusing on network security, cryptography, ethical hacking, and incident response, I am equipped with the skills needed to address the complex challenges facing organizations today.
More posts by Jose Reyes

Related Posts

ransomware
What to Do Immediately After a Ransomware Attack

Ransomware attacks are a growing threat to businesses of all sizes. In 2021, the average ransomware payment was $170,000. If…

0
0
12 May 2023
encryption
Salted Hashes Explained in 60 Seconds

Have you ever wondered what a Salted Hash was? Well, here is the Cliff Notes’ Version Hashing is a function…

0
0
04 Dec 2020
Facebook et al Now Back Up; Change Management the Issue

Issue Acknowledged by All Via Twitter Facebook and associated Websites are down. Issue is unknown right now. Facebook was featured…

0
0
04 Oct 2021
Everyday Programs Abused by Hackers for Evil Deeds

Seemingly Benign Programs used for Hacking Hackers use seemingly benign programs for Nefarious Purposes. Hackers manipulate and repurpose software and…

1
1
07 Sep 2023
microsoft
Unsecured Internet Databases are being Deleted by the Meow Attack

New Attack on the Internet

0
0
24 Aug 2020
Malware
Microsoft Announces Remote Code Execution Vulnerability in Office Products Suite

September 8, 2021 – Microsoft has discovered  a remote code execution vulnerability in MSHTML that affects Microsoft Windows. The Vulnerability…

0
0
08 Sep 2021
Vulnerability Scanning + Penetration Testing = Best Practice

To help businesses uncover and fix the vulnerabilities and misconfigurations affecting their systems, there is an abundance of solutions available….

0
0
18 Jul 2022
mount washington
New Hampshire Hacker Pleads Guilty to Passport and Wire Fraud

CONCORD – A Derry man pleaded guilty in federal court in Concord to passport fraud and wire fraud in connection…

0
0
30 Nov 2023
Chinese Nationals arrested for Hacking Law Firms

Hacking Target Seven Law Firms The three individuals were arrested for targeting seven law firms in the US who were…

0
0
28 Dec 2016
HHS OCR HIPAA Audit Finds Less Than Lackluster Results

Majority were non-compliant for Access, Security Risk Management and Analysis In 2016 and 2017, the Office for Civil Rights (OCR)…

0
0
18 Aug 2021
ransom-ware
Major US Hospital Chain Hacked By What May Be Ransomeware

Major US Hospital Chain Hacked By What May Be Ransomeware    A computer outage at a major hospital chain thrust…

1
1
29 Sep 2020
VMware Releases Fix for Critical Vulnerabilities

VMware has released fixes for ten vulnerabilities, including CVE-2022-31656 which is an authentication bypass vulnerability affecting VMware Products. VMware considers these updates critical and advises to patch or mitigate immediately. There is an indication that this vulnerability may soon be leveraged by attackers.

0
0
03 Aug 2022
Darknet
CISA Advises Diligence on Russian Invasion Anniversary

CISA assesses that the United States and European nations may experience disruptive and defacement attacks against websites in an attempt…

0
0
24 Feb 2023
WPA3 vs. WPA2 why make the switch

In the ever-evolving landscape of wireless networking, security is a paramount concern. With the increasing prevalence of smart devices, IoT…

1
1
30 Oct 2023
May 2023 News
May Newsletter

May 2023 Newsletter Tim Cook Said Recently “In The World of Cybersecurity The Last Thing You Want Is To Have…

0
0
20 Apr 2023
Our website uses cookies from third party services to improve your browsing experience. Read more about this and how you can control cookies by clicking "Privacy Preferences".
Privacy Preferences
When you visit our website, it may store information through your browser from specific services, usually in form of cookies. Here you can change your privacy preferences. Please note that blocking some types of cookies may impact your experience on our website and the services we offer.
Privacy Policy
You have read and agreed to our privacy policy
Required