
CYVITRIX LEARNING

| PERSONAL USE ONLY |

Understanding the Cyber Attack Cycle and MITRE ATT&CK: From Reconnaissance to Defence

Description

Introduction

In the constantly evolving world of cybersecurity, knowing how attacks unfold is critical for staying
ahead of threats. Cyberattacks aren’t random—they follow a structured process. Understanding this
attack cycle can empower security teams, developers, and IT professionals to anticipate threats and
strengthen defenses before damage is done.

This blog post explores the cyber-attack lifecycle, breaks down attackers’ tactics, and introduces key
frameworks like the Cyber Kill Chain and MITRE ATT&CK to help organizations detect, mitigate, and
respond effectively.
What Is the Cyber Attack Cycle?

The cyber-attack cycle outlines the stages of a cyberattack, starting from initial scouting of a target to
the eventual compromise and data exfiltration. Recognizing each step in this sequence helps
organizations prepare and respond more efficiently.

The Stages of a Cyber Attack

1. Reconnaissance

The attacker identifies a target and gathers intelligence—IP addresses, domains, employee
profiles, tech stacks (e.g., from LinkedIn job posts and profiles), etc.
Tools like Shodan are used to locate vulnerable, internet-facing systems (e.g., outdated Oracle
ERPs or Windows XP-based controllers).

2. Weaponization

A custom malware payload or exploit is developed using known vulnerabilities (reverse-engineered
from patches or found on Exploit-DB or GitHub).
Often involves embedding malicious code into files or documents.

3. Delivery


The malware is delivered via phishing emails, malicious links, compromised websites, or USBs.
Social engineering plays a key role in tricking victims.

4. Exploitation

Once opened or clicked, the malicious code executes by exploiting software or human
vulnerabilities.
This may lead to remote code execution or privilege escalation.

5. Installation

Malware or backdoors are installed to maintain access.
Droppers install secondary payloads like ransomware or spyware.

6. Command and Control (C2)

Attackers establish communication with the compromised system through a command-and-control
server.
They issue commands, exfiltrate data, or move laterally across networks.

7. Actions on Objectives

Final goal: data theft, ransom demand, espionage, or launching further attacks from within the
breached network.

Key Tools and Frameworks

The Cyber Kill Chain (by Lockheed Martin)

A conceptual model that outlines the attack lifecycle and helps security teams identify opportunities to
detect and block threats at each stage.

The MITRE ATT&CK Framework

A more detailed matrix that maps real-world attacker behaviors:

Tactics: what the attacker is trying to achieve (e.g., persistence, lateral movement).
Techniques: how they do it (e.g., pass-the-hash, credential dumping).
Defenses: suggested detection, logging, and prevention mechanisms.

Real-World Tools Used by Attackers

Shodan.io: Search engine for internet-connected devices.
Exploit DB: Repository of public exploits.
GitHub: Source of Proof-of-Concept (PoC) code.
Dark Web Markets: For buying and selling exploits and access.


Defensive Strategies

To counteract each phase of the attack cycle:

Patching: Apply updates before attackers reverse-engineer them.
Monitoring: Use SIEMs and EDRs for behavioral analytics and anomaly detection.
Penetration Testing: Regularly test your defenses and simulate attack paths.
Threat Intelligence: Stay updated on current attack patterns and indicators of compromise (IOCs).
Zero Trust Architecture: Always verify—never assume trust.
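The monitoring strategy above and the MITRE ATT&CK section earlier both come down to the same practical question: given the telemetry a SIEM already collects, how do you turn a Kill Chain stage into a concrete detection and tag the result with the ATT&CK tactic and technique it corresponds to? The script below is an added example written for this post, not code from the original article or from Cyvitrix Learning. It runs three simple behavioural detections over constructed sample logs: a port sweep (Reconnaissance, T1595 Active Scanning), one account logging on to many hosts in a short window (Lateral Movement, T1021 Remote Services) and a host contacting one domain at near-constant intervals (Command and Control, T1071 Application Layer Protocol). The log formats, field order, thresholds and every sample line are assumptions made for the example; the technique IDs are real ATT&CK identifiers, and the Kill Chain stage attached to each finding follows the stage descriptions in this post.

```python
"""Toy detection pass over constructed telemetry.

Each finding is tagged with the Cyber Kill Chain stage (as the post describes the
stages) and the ATT&CK tactic/technique it maps to, so an analyst can see where in
the attack cycle an alert sits. Log formats, thresholds and sample lines are all
assumptions made for this example.
"""
from collections import defaultdict
from datetime import datetime, timedelta
from statistics import mean, pstdev

# --- constructed sample logs (space-separated; the formats are assumptions) ---
_SCAN_PORTS = [21, 22, 23, 25, 53, 80, 110, 143, 443, 445, 3389, 8080]
# firewall: ts src dst dport action  (one external source sweeping 12 ports)
FIREWALL_LOG = [
    f"2025-04-08T10:00:{i * 4:02d} 203.0.113.7 198.51.100.5 {p} DROP"
    for i, p in enumerate(_SCAN_PORTS)
] + ["2025-04-08T10:01:30 198.51.100.20 198.51.100.5 443 ALLOW"]

# auth: ts user src_host dst_host result  (svc-backup fans out to four hosts)
AUTH_LOG = [
    "2025-04-08T11:00:00 svc-backup WS01 FS01 SUCCESS",
    "2025-04-08T11:01:10 svc-backup WS01 FS02 SUCCESS",
    "2025-04-08T11:02:30 svc-backup WS01 DC01 SUCCESS",
    "2025-04-08T11:03:05 svc-backup WS01 HR-APP SUCCESS",
    "2025-04-08T11:04:00 alice WS07 FS01 SUCCESS",
    "2025-04-08T11:05:00 alice WS07 FS01 FAILURE",
]

# proxy: ts host dst_domain bytes  (WS01 checks in roughly every 60 s)
_BEACON_OFFSETS = [0, 61, 120, 181, 240, 299, 360, 421]
PROXY_LOG = [
    (datetime(2025, 4, 8, 12, 0, 0) + timedelta(seconds=o)).isoformat()
    + " WS01 updates.example.net 512"
    for o in _BEACON_OFFSETS
] + [
    "2025-04-08T12:00:15 WS07 news.example.org 20480",
    "2025-04-08T12:09:40 WS07 news.example.org 31022",
]


def _finding(stage, tactic, technique, subject, evidence):
    return {"kill_chain_stage": stage, "attack_tactic": tactic,
            "attack_technique": technique, "subject": subject, "evidence": evidence}


def _within(events, window):
    """Largest set of distinct values seen in any `window`-long span of (time, value) events."""
    events.sort()
    best = set()
    for i, (start, _) in enumerate(events):
        vals = {v for t, v in events[i:] if t - start <= window}
        if len(vals) > len(best):
            best = vals
    return best


def detect_port_scan(lines, min_ports=10, window=timedelta(minutes=5)):
    """Reconnaissance: one source touching many distinct ports within a short window."""
    by_src = defaultdict(list)
    for line in lines:
        ts, src, _dst, dport, _action = line.split()
        by_src[src].append((datetime.fromisoformat(ts), int(dport)))
    findings = []
    for src, events in by_src.items():
        ports = _within(events, window)
        if len(ports) >= min_ports:
            findings.append(_finding("Reconnaissance", "Reconnaissance", "T1595 Active Scanning",
                                     src, f"{len(ports)} distinct ports within {window}"))
    return findings


def detect_lateral_movement(lines, min_hosts=3, window=timedelta(minutes=10)):
    """One account successfully logging on to many distinct hosts within a short window."""
    by_user = defaultdict(list)
    for line in lines:
        ts, user, _src, dst, result = line.split()
        if result == "SUCCESS":
            by_user[user].append((datetime.fromisoformat(ts), dst))
    findings = []
    for user, events in by_user.items():
        hosts = _within(events, window)
        if len(hosts) >= min_hosts:
            findings.append(_finding("Command and Control", "Lateral Movement",
                                     "T1021 Remote Services", user,
                                     f"logons to {sorted(hosts)} within {window}"))
    return findings


def detect_beaconing(lines, min_connections=6, max_jitter=0.1):
    """C2: a host contacting the same domain at near-constant intervals (low coefficient of variation)."""
    by_pair = defaultdict(list)
    for line in lines:
        ts, host, domain, _nbytes = line.split()
        by_pair[(host, domain)].append(datetime.fromisoformat(ts))
    findings = []
    for (host, domain), times in by_pair.items():
        if len(times) < min_connections:
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        if mean(gaps) == 0:
            continue  # all connections at the same instant: not a beacon pattern
        cv = pstdev(gaps) / mean(gaps)  # 0.0 means perfectly regular check-ins
        if cv <= max_jitter:
            findings.append(_finding("Command and Control", "Command and Control",
                                     "T1071 Application Layer Protocol", f"{host} -> {domain}",
                                     f"{len(times)} connections, mean gap {mean(gaps):.0f}s, jitter {cv:.2f}"))
    return findings


def run_all():
    return (detect_port_scan(FIREWALL_LOG) + detect_lateral_movement(AUTH_LOG)
            + detect_beaconing(PROXY_LOG))


if __name__ == "__main__":
    for f in run_all():
        print(f"[{f['kill_chain_stage']} / {f['attack_tactic']}] "
              f"{f['attack_technique']}: {f['subject']} ({f['evidence']})")
```

Each detector is deliberately a single heuristic with a tunable threshold; in a real SIEM the thresholds would be baselined per environment (a backup account that legitimately touches every file server every night would need an exception), and the tactic/technique tag is what lets you check ATT&CK coverage per Kill Chain stage rather than per alert.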

Why This Matters

Failing to understand how cyber-attacks work is like going into battle blindfolded. Organizations that
internalize the attack cycle can:

Anticipate attacker moves
Detect threats earlier
Strengthen critical weak points
Reduce breach impact

This knowledge isn’t just for security professionals—it benefits developers, system admins, and C-level
leadership alike.

Quick Review & Refresh

1. What is the first stage of a cyber-attack?
Reconnaissance.
2. What tool is often used to scan exposed systems on the internet?
Shodan.io.
3. What is the purpose of weaponization in the attack cycle?
To create an exploit or malware tailored to a specific target.
4. What model outlines each phase of a cyber-attack?
Cyber Kill Chain.
5. How is delivery commonly achieved?
Through phishing emails, malicious downloads, or websites.
6. What is a dropper?
A small program used to install malware or backdoors.
7. What does the MITRE ATT&CK framework provide?
A detailed matrix of tactics, techniques, and procedures (TTPs).
8. How do attackers maintain access post-exploitation?
By installing backdoors and connecting them to C2 servers.
9. What is lateral movement?
Spreading through the network by using compromised credentials.


10. Why is proactive monitoring important?
To detect and respond before full system compromise occurs.

Reflect and Discuss

Has your organization mapped its defenses to each phase of the attack cycle?
What tools do you use for monitoring reconnaissance or lateral movement?
Are you using the MITRE ATT&CK framework to inform your threat detection strategy?

Please share your thoughts or questions in the comments. We’d love to hear how you’re preparing
your cyber defenses.

Date
08/04/2025
