Q: 14
DRAG DROP Drag and drop the type of attacks from the left onto the cyber kill chain stages at which the attacks are seen on the right.
Discussion
system phones connecting to countries where no staff are located → reconnaissance
malware placed on the targeted system → weaponization
not visible to the victim → delivery
large amount of data leaving the network through unusual ports → exploitation
USB with infected files inserted into company laptop → installation
virus scanner turning off → command & control
open port scans and multiple failed logins from the website → actions on objectives
I matched 'large amount of data leaving the network through unusual ports' with actions on objectives and 'open port scans and multiple failed logins from the website' to exploitation. I figured data exfiltration is usually the final goal, so it fits actions on objectives. Not fully sure since some reports show open scans as recon or exploitation. Open to debate here.
