Phase
|
Description
|
Intelligence Gathering
|
Identify and research target individuals using public sources (for example, social
media
websites) and prepare a customized attack
|
Point of Entry
|
An initial compromise typically from zero-day malware delivered via social engineering
(email/IM or drive-by download)
A backdoor is created and the network can now be infiltrated. Alternatively, a website
exploitation or direct network hack may be employed.
|
Command & Control (C&C) Communication
|
Communications used throughout an attack to instruct and control the malware used
C&C communication allows the attacker to exploit compromised machines, move laterally
within the network, and exfiltrate data.
|
Lateral Movement
|
An attack that compromises additional machines
Once inside the network, an attacker can harvest credentials, escalate privilege levels,
and maintain persistent control beyond the initial target.
|
Asset/Data Discovery
|
Several techniques (for example, port scanning) used to identify noteworthy servers
and
services that house data of interest
|
Data Exfiltration
|
Unauthorized data transmission to external locations
Once sensitive information is gathered, the data is funneled to an internal staging
server where it is chunked, compressed, and often encrypted for transmission to external
locations under an attacker’s control.
|