The Cyber Attack Lifecycle ๐Ÿ•ตโ€โ™€๐Ÿ’ป

The Cyber Attack Lifecycle describes the actions taken by an attacker from initial identification and recon to mission complete. This helps us understand and combat bad actors, ransomware, and others.

Letโ€™s break down the steps !

Initial Reconnaissance ๐Ÿ”Ž

Intruder selects a target, researches it, and attempts to identify vulnerabilities in the target network. Some things attackers use and look for:

Initial Compromise ๐Ÿ“ฌ

The attacker compromises a vulnerable host. This may be a DMZ host or something in a higher security group via email phish. This is the first step into a network and why security people always say:

Don’t click email links!
Don’t open email attachments!

Establish Foothold ๐Ÿง—๐Ÿผโ€โ™€๏ธ

A compromised system is good, one that you can access is even better. Initial access or a foothold is an attacker’s first step in your network. If there are network rules to block various network traffic, the attack may die here.

Escalate Privileges ๐Ÿ“ˆ

Attackers often need more privileges on a system to get access to more data and permissions: for this, they need to escalate their privileges often to an Admin.

Internal Recon ๐Ÿ‘€

Where are we internally, what are we looking for, and how can I get there?
Here we apply the OODA loop – a simple strategy to help you find your way forward.

Move Laterally ๐Ÿ‘ฃ

Once theyโ€™re in a system, attackers can move laterally to other systems and accounts in order to gain more leverage: whether thatโ€™s higher permissions, more data, or greater access to systems.

Maintain Persistence ๐Ÿ 

Being able to return to networks, again and again, is one of the attackers main goals. They may not find what theyโ€™re looking for during in the first compromise and they will want to return.

Repeat (4-7) until (Mission) Complete ๐Ÿ” โœ…

Mission complete can be any number of things, anything your mind can think up from any spy or heist movie. Real data gets stolen every day. The current โ€œaverage time to detect a breachโ€ is 197 days.


Content written by Jason Schorr, a collaborator at Idiwork.



If you want to hear more about Jason’s content ๐Ÿ“ข๐Ÿ“ฉ click here

Stay up to date!

Leave a comment