The Unified Kill Chain – a white paper by Paul Pols
The Unified Kill Chain
RAISING RESILIENCE AGAINST ADVANCED CYBER ATTACKS
Author:
Paul Pols
Special thanks to:
Francisco Dominguez
Fox-IT
#    Attack Phase            Description
1    Reconnaissance          Researching, identifying and selecting targets using active or passive reconnaissance.
2    Resource Development    Preparatory activities aimed at setting up the infrastructure required for the attack.
3    Delivery                Techniques resulting in the transmission of a weaponized object to the targeted environment.
4    Social Engineering      Techniques aimed at the manipulation of people to perform unsafe actions.
5    Exploitation            Techniques to exploit vulnerabilities in systems that may, amongst others, result in code execution.
6    Persistence             Any access, action or change to a system that gives an attacker persistent presence on the system.
7    Defense Evasion         Techniques an attacker may specifically use for evading detection or avoiding other defenses.
8    Command & Control       Techniques that allow attackers to communicate with controlled systems within a target network.
9    Pivoting                Tunneling traffic through a controlled system to other systems that are not directly accessible.
10   Discovery               Techniques that allow an attacker to gain knowledge about a system and its network environment.
11   Privilege Escalation    The result of techniques that provide an attacker with higher permissions on a system or network.
12   Execution               Techniques that result in execution of attacker-controlled code on a local or remote system.
13   Credential Access       Techniques resulting in the access of, or control over, system, service or domain credentials.
14   Lateral Movement        Techniques that enable an adversary to horizontally access and control other remote systems.
15   Collection              Techniques used to identify and gather data from a target network prior to exfiltration.
16   Exfiltration            Techniques that result or aid in an attacker removing data from a target network.
17   Impact                  Techniques aimed at manipulating, interrupting or destroying the target system or data.
18   Objectives              Socio-technical objectives of an attack that are intended to achieve a strategic goal.

Executive Summary
Organizations increasingly rely on Information and Communication Technology (ICT). This reliance exposes them to growing risks from cyber attacks from a range of threat actors. In this white paper, a Unified Kill Chain (UKC) model is presented that details the tactics that form the building blocks of modern cyber attacks by Advanced Persistent Threats (APTs) as well as ransomware groups. The Unified Kill Chain provides insights into the ordered arrangement of phases in attacks from their beginning to their completion, by uniting and extending existing models. The Unified Kill Chain can be used to analyze, compare and defend against targeted and non-targeted cyber attacks.

Research shows that the traditional Cyber Kill Chain® (CKC), as presented by researchers of Lockheed Martin, is perimeter- and malware-focused. As such, the traditional model fails to cover other attack vectors and attacks that occur behind the organizational perimeter. The Unified Kill Chain offers significant improvements over these scope limitations of the CKC and the time-agnostic nature of the tactics in MITRE’s ATT&CK™ model (ATT&CK). Other improvements over these models include: explicating the role of users by modeling social engineering, recognizing the crucial role of choke points in attacks by modeling pivoting, covering the compromise of integrity and availability in addition to confidentiality, and elucidating the overarching objectives of threat actors.

The case studies that were performed also falsify a crucial assumption underlying traditional kill chain models, namely that attackers must progress successfully through each phase of a deterministic sequence. The observation that attack phases may be bypassed affects defensive strategies fundamentally, as an attacker may also bypass the security controls that apply to these phases. Instead of focusing on thwarting attacks at the earliest point in time, layered defense strategies that focus on attack phases that occur with a higher frequency or that are vital for the formation of an attack path are thus expected to be more successful. These insights support the development (or realignment) of layered defense strategies that adopt the assume breach and defense in depth principles, and help optimize the return on investment (ROI) of security measures.
As the reliance of organizations on ICT continues to grow, and cyber attacks continue to rise in number and in force, the risks for organizations and societies as a whole increase at an accelerating pace. The Unified Kill Chain attack model can be used in the areas of prevention, detection, response and intelligence to develop and realign defense strategies in an attempt to raise the resilience of organizations and societies against this dangerous trend.

Keywords — Unified Kill Chain, Cyber Security, Strategy, Attack Modeling, Attack Simulation, Threat Emulation, Cyber Kill Chain®, MITRE ATT&CK™, Red Team, Tactics, Techniques, Procedures, Assume Breach, Defense in Depth, APT, ransomware.
[Figure: the 18 phases of the Unified Kill Chain in order: 1 Reconnaissance, 2 Resource Development, 3 Delivery, 4 Social Engineering, 5 Exploitation, 6 Persistence, 7 Defense Evasion, 8 Command & Control, 9 Pivoting, 10 Discovery, 11 Privilege Escalation, 12 Execution, 13 Credential Access, 14 Lateral Movement, 15 Collection, 16 Exfiltration, 17 Impact, 18 Objectives]

Table of Contents
1 Introduction ... 4
2 Design of the Unified Kill Chain ... 5
3 Phases of the Unified Kill Chain ... 6
3.1 Overview of the attack phases ... 6
3.2 In ... 7
3.3 Through ... 8
3.4 Out ... 9
4 Using the Unified Kill Chain ... 10
4.1 Modeling specific cyber attacks and threat actors ... 10
4.2 Realigning defensive strategies ... 11
4.3 Scope of the Unified Kill Chain ... 12
4.4 Additional improvements in the Unified Kill Chain ... 13
5 Conclusion ... 14
6 References ... 15
7 Glossary ... 16

1 Introduction
In the last decades, the dependence throughout modern societies on information and communication technology (ICT) has continued to rise. Vulnerabilities in the supporting ICT assets increasingly threaten critical activities that depend on ICT within organizations and society as a whole. Organizations need to protect their critical assets against a variety of threat actors that range from cyber criminals to nation states.

To properly defend oneself against advanced cyber attacks, one must first understand how these attacks are typically performed. For this purpose, threat modeling is required [1]. The Cyber Kill Chain® by Lockheed Martin (CKC) was traditionally regarded as the industry standard threat model for defending against advanced cyber attacks [2]. Despite (or because of) its prominent status, the CKC has been widely criticized. The most damaging criticisms argue that the CKC is perimeter- and malware-focused [3]. A more comprehensive model is required to deal with advanced cyber attacks beyond the organizational perimeter and beyond malware attacks.

The term “kill chain” describes an end-to-end process [2], or the entire chain of events, that is required to perform a successful attack. Once an attack is understood and deconstructed into discrete phases, defenders can map potential countermeasures against each one of these phases. Kill chain and other attack lifecycle models can thus help defenders understand and defend against the increasingly complex attacks that they are facing. Advanced cyber attacks typically extend beyond exploiting one vulnerability in an internet-connected system. Depending on the security posture of the target, attacks may require attackers to forge an attack path through the internal network of the victim, in which multiple correlated vulnerabilities are exploited before critical assets can be targeted and objectives can be achieved.

The aim of this white paper is to present the Unified Kill Chain, which can serve to model and defend against cyber attacks, from the attacker’s first steps to the achievement of an adversarial objective. The model was designed to defend against end-to-end cyber attacks from a variety of advanced attackers. The actors performing advanced cyber attacks range from financially motivated enterprise ransomware groups to the espionage and sabotage campaigns by nation states (Advanced Persistent Threats [4]). The model has also successfully been applied to defend against ransomware groups and ransomware worms, which implement tactics that were previously primarily seen in targeted attacks. As such, the Unified Kill Chain has a proven track record in raising the resilience of targeted organizations against a range of targeted and (initially) untargeted attacks.

The Unified Kill Chain offers a substantiated basis for strategically realigning defensive capabilities and cyber security investments within organizations, in the areas of prevention, detection, response and intelligence. The Unified Kill Chain allows for a structured analysis and comparison of threat intelligence regarding the tactical modus operandi of attackers. In the area of prevention, the Unified Kill Chain can be used to map countermeasures to the discrete phases of an attack. Detection can be prioritized based on the insights into the ordered arrangement of the attack phases. In emergency response situations, the Unified Kill Chain aids investigators in triage and in modeling likely attack paths. The model also specifically allows for the improvement of the predictive value of Red Team threat emulations, which aim to test the security posture of organizations in these areas.
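The executive summary argues that attackers may bypass phases, so defenses should concentrate on phases that occur frequently or that every attack path must pass through, and the introduction describes mapping countermeasures to discrete phases and prioritizing detection accordingly. The following Python is an added example (not code from the white paper or its author) that works this reasoning through: it represents attack paths as ordered sequences of the 18 UKC phases, computes per-phase frequency across a set of paths, identifies phases present in every path, and ranks a set of controls by the frequency of the phase each one covers. The attack paths and the control-to-phase mapping are constructed for illustration and are not case-study data from the paper.

```python
"""Prioritising defenses across Unified Kill Chain (UKC) phases.

Added example, not from the white paper. Attack paths are modeled as ordered
lists of UKC phase names; phases may be skipped or revisited, matching the
paper's finding that the sequence is not deterministic.
"""
from collections import Counter

# The 18 phases, numbered as in the paper's overview table.
UKC_PHASES = [
    "Reconnaissance", "Resource Development", "Delivery", "Social Engineering",
    "Exploitation", "Persistence", "Defense Evasion", "Command & Control",
    "Pivoting", "Discovery", "Privilege Escalation", "Execution",
    "Credential Access", "Lateral Movement", "Collection", "Exfiltration",
    "Impact", "Objectives",
]
PHASE_INDEX = {name: i + 1 for i, name in enumerate(UKC_PHASES)}

# Constructed attack paths (hypothetical, for illustration only).
SAMPLE_PATHS = {
    "phishing-to-exfil": [
        "Reconnaissance", "Resource Development", "Delivery", "Social Engineering",
        "Execution", "Persistence", "Command & Control", "Discovery",
        "Credential Access", "Lateral Movement", "Collection", "Exfiltration",
        "Objectives",
    ],
    "exposed-service-ransomware": [
        "Reconnaissance", "Exploitation", "Execution", "Privilege Escalation",
        "Discovery", "Credential Access", "Lateral Movement", "Impact",
        "Objectives",
    ],
    "insider-with-valid-creds": [
        "Discovery", "Collection", "Exfiltration", "Objectives",
    ],
}

# Constructed mapping of defensive controls to the phase they address.
SAMPLE_CONTROLS = {
    "mail-sandbox": "Delivery",
    "edr-process-telemetry": "Execution",
    "dlp-egress-monitoring": "Exfiltration",
    "credential-tiering": "Credential Access",
    "perimeter-ips": "Exploitation",
}


def validate_path(path):
    """Reject paths that name a phase outside the model."""
    unknown = [p for p in path if p not in PHASE_INDEX]
    if unknown:
        raise ValueError(f"unknown phases: {unknown}")
    return True


def phase_frequency(paths):
    """Fraction of paths in which each phase occurs at least once."""
    counts = Counter()
    for path in paths.values():
        validate_path(path)
        counts.update(set(path))  # count a phase once per path
    return {p: counts[p] / len(paths) for p in UKC_PHASES}


def essential_phases(paths):
    """Phases present in every path: a control that reliably stops one of
    these breaks all of the modeled attack paths."""
    phase_sets = [set(p) for p in paths.values()]
    return [p for p in UKC_PHASES if all(p in s for s in phase_sets)]


def skipped_phases(path):
    """Phases of the model that a given path bypasses entirely."""
    return [p for p in UKC_PHASES if p not in path]


def prioritize(paths, controls):
    """Rank controls by the frequency of the phase they cover; ties are
    broken by the phase's position in the kill chain (earlier first)."""
    freq = phase_frequency(paths)
    return sorted(controls.items(),
                  key=lambda kv: (-freq[kv[1]], PHASE_INDEX[kv[1]]))


if __name__ == "__main__":
    freq = phase_frequency(SAMPLE_PATHS)
    for phase in sorted(UKC_PHASES, key=lambda p: (-freq[p], PHASE_INDEX[p])):
        print(f"{PHASE_INDEX[phase]:2d} {phase:<22} {freq[phase]:.2f}")
    print("present in every path:", essential_phases(SAMPLE_PATHS))
    for name, phase in prioritize(SAMPLE_PATHS, SAMPLE_CONTROLS):
        print(f"{name:<24} -> {phase}")
```

With the constructed paths, only Discovery and Objectives appear in every path, and controls on Execution, Credential Access and Exfiltration outrank the perimeter-facing Delivery and Exploitation controls, which the insider path bypasses entirely. Replacing `SAMPLE_PATHS` with paths reconstructed from an organization's own incidents or threat intelligence turns this into the frequency-based prioritization the paper describes.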