Cyber attack stages
Stages of a cyber attack’s life cycle need to be understood so that CIO’s can create an effective defense strategy. Malicious cyber attacks continue to threaten sensitive data — whether it is personal data or company sensitive data — one fact remains: attackers will continue to exploit weakness to infiltrate systems and extract data that they can turn into money. The life cycle of attacks is as follows.
Identify and define potential attack vectors
The first step attackers usually take is to identify members of staff within the organization and the best attack vectors to utilize. This is done by scanning the organization’s public facing websites and gathering as much information about the sites as possible, while simultaneously performing scans against the internal networks.
Using several identified attack vectors, hackers attempt to gain access to an organization’s network. Using different IP addresses and a significant number of computers, the hackers will kick off an automated dictionary attack and after only a few short days malware is installed on the victim’s computer.
Command and control
With the malware in place, the attackers can now begin an in-depth recon against the internal network. The attackers will attempt to escalate privileges on the victim’s account, and create new user accounts with administrative and privileged access.
Discover and spread
With access to the network, the hackers begin to spread it across the organization’s entire network. With a significant presence within the network allowing them to wait, while making detailed asset maps, noting employee patterns and any other information that can assist them in their long term goal: data theft.
Extract and ex-filtrate
Attacks siphon data out of their target company’s environment. They will do this by moving the targeted data to a remote server. After several weeks or possibly even months of siphoning data, the attackers can end their campaign. However, before exiting, they will ensure that they make several network modifications to enable them to return at anytime in the future.
Discovery and clean up
When the organization finally discovers the compromise, typically more than 200 days to detect a breach, stopping the attack begins.