Understanding the Cybersecurity Kill Chain

The last chapter, you learned about the incident response process and how it fits into the overall enhancement of a company's security posture. Now it is time to start thinking as an attacker and understand the rationale, the motivation, and the steps of performing an attack. We call this the cybersecurity kill chain, which is something that we briefly covered in Chapter 1, Secure Posture. Today, the most advanced cyber-attacks are reported to involve intrusions inside a target's network that last a long time before doing damage or being discovered. This reveals a unique characteristic of today's attackers: they have an astounding ability to remain undetected until the time is right. This means that they operate on well-structured and scheduled plans. The precision of their attacks has been under study and has revealed that most cyber attackers use a series of similar phases to pull off successful attacks.

To enhance your security posture, you need to ensure that all phases of the cybersecurity kill chain are covered from a protection and detection perspective. But the only way to do that is to ensure that you understand how each phase works, the mindset of an attacker, and the tolls that are taken on each phase.

In this chapter, we're going to be covering the following topics:

• External reconnaissance
• Compromising the system
• Lateral movement
• Privilege escalation
• Concluding the mission