Personal tools

Cyber Attack Tactics and Techniques

[Toronto, Ontario, Canada - Civil Engineering Discoveries]


Protecting an organization from attack requires more than just knowledge of the most common cyber threats. Each type of attack follows a series of tactics (the steps in an attack). There are many techniques an attacker can use at each step. These attack vectors are identified in the industry-endorsed ecosystem that is developing around the MITRE ATT&CK Model. ATT&CK stands for Adversarial Tactics, Techniques, and 

Tactics and techniques is a modern way of looking at cyberattacks. Rather than looking at the results of an attack, aka an "indicator of compromise (IoC)", security analysts should look at the tactics and techniques that indicate an attack is in progress. Tactics are the why of an attack technique. Techniques represent how an adversary achieves a tactical objective by performing an action. 

Common knowledge is the documented use of tactics and techniques by adversaries. Essentially, common knowledge is the documentation of procedures. Those familiar with cybersecurity may be familiar with the term “tactics, techniques, and procedures,” or TTP. (The “CK” makes for a sexier acronym than “P”— always a must in government projects.)


- Lockheed Martin Cyber Kill Chain

Developed by Lockheed Martin, the cyber kill chain® framework is part of the Intelligence Driven Defense® model for identification and prevention of cyber intrusions activity. The model identifies what the adversaries must complete in order to achieve their objective.

The cyber kill chain is a series of steps that trace stages of a cyberattack from the early reconnaissance stages to the exfiltration of data. The kill chain helps us understand and combat ransomware, security breaches, and advanced persistent attacks (APTs). 

Lockheed Martin derived the kill chain framework from a military model - originally established to identify, prepare to attack, engage, and destroy the target. Since its inception, the kill chain has evolved to better anticipate and recognize insider threats, social engineering, advanced ransomware and innovative attacks.

[More to come ...]



Document Actions