Why would threat actors prefer to use a zero-day attack in the Cyber Kill Chain weaponization phase?
- to get a free malware package
- to launch a DoS attack toward the target
- to avoid detection by the target
- to gain faster delivery of the attack on the target
Answers Explanation & Hints:
In the installation phase of the Cyber Kill Chain, the threat actor establishes a back door into the system to allow for continued access to the target. Among other measures, using HIPS to alert or block on common installation paths and auditing endpoints to discover abnormal file creations can help block a potential back door creation.