The delivery phase of the Cyber Kill Chain is a crucial step where cybercriminals transmit malicious payloads to their targets. This phase is central to phishing attacks, which exploit human trust to gain unauthorized access to sensitive information. This article explores the various forms of phishing, the technical mapping of the delivery phase to the MITRE ATT&CK framework, and the real-world implications of these attacks.
Phishing remains one of the most pressing cybersecurity threats today. Cybercriminals use phishing to trick individuals into revealing sensitive information or installing malware. The delivery methods are varied and increasingly sophisticated:
Email Attachments: Malicious files are disguised as legitimate documents, tricking recipients into downloading malware.
Malicious Links: URLs in emails or messages that lead to harmful websites designed to steal information or install malware.
USB Drives: Physical devices left in public places or distributed through other means that contain malware.
Smishing: SMS-based phishing that targets individuals through text messages, often impersonating banks or service providers to steal credentials.
Quishing: QR code phishing where malicious codes redirect users to fraudulent websites or trigger downloads of harmful software.
These techniques exploit human vulnerabilities and trust, making them highly effective and dangerous.
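As an added example (not part of the original article), the following Python code shows how a mail filter could flag two of the delivery methods listed above: an attachment with a risky final extension, and a link whose visible text names a different host than its href. The sample message, its addresses and domains, the extension deny-list, and the names `triage` and `LinkCollector` are constructed assumptions.

```python
from email import message_from_string
from html.parser import HTMLParser
from pathlib import PurePosixPath
from urllib.parse import urlparse

SAMPLE_EML = """From: payroll@example.com
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html; charset="utf-8"

<a href="http://login.example.net/verify">https://portal.example.com/invoice</a>
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="invoice.pdf.exe"

placeholder
--b1--
"""  # constructed sample message; every address and domain is a placeholder
RISKY_EXT = {".exe", ".js", ".vbs", ".scr", ".lnk", ".iso", ".hta"}  # assumed deny-list

class LinkCollector(HTMLParser):  # collects [href, visible text] for each <a> element
    def __init__(self):
        super().__init__()
        self.links, self._open = [], False
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.links.append([dict(attrs).get("href") or "", ""])
            self._open = True
    def handle_data(self, data):
        if self._open:
            self.links[-1][1] += data
    def handle_endtag(self, tag):
        self._open = self._open and tag != "a"

def triage(raw):  # returns (delivery method, detail) findings for one raw message
    findings = []
    for part in message_from_string(raw).walk():
        name = part.get_filename()
        suffixes = PurePosixPath(name.lower()).suffixes if name else []
        if suffixes and suffixes[-1] in RISKY_EXT:
            findings.append(("Email Attachments", f"risky file type: {name}"))
        elif part.get_content_type() == "text/html":
            collector = LinkCollector()
            collector.feed(part.get_payload(decode=True).decode("utf-8", "replace"))
            for href, text in collector.links:
                shown, actual = urlparse(text.strip()).hostname, urlparse(href).hostname
                if shown and actual and shown != actual:  # link text names another host
                    findings.append(("Malicious Links", f"text {shown} -> href {actual}"))
    return findings
```

Calling `triage(SAMPLE_EML)` returns one finding per delivery method; a message whose link text and href share a host and which carries no risky attachment returns an empty list.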
MITRE Kill Chain
This phase maps directly to several techniques in the MITRE ATT&CK framework under the "Initial Access" category. These mappings help cybersecurity professionals understand the specific tactics used in the delivery phase and devise appropriate defensive measures.
Phishing (T1598): This technique includes spear-phishing attachments (T1598.002) and spear-phishing links (T1598.003). Attackers send emails that trick....