The methods and tools of hackers vary widely in the modern landscape. Some focus on brute force attacks and hard breaches, using tools and methods to assault our operations and systems, whereas others attempt insidious breaches under the radar or undetected malware installations, such as through phishing and malicious downloads. Whatever the case may be, there are commonalities among hackers and their methods. Summed up, there are about seven stages that a hacker goes through from start to finish in a successful cyber attack. How they go about each stage can vary, but they typically go through the steps one way or another. Here is a summary of these steps, and methods to combat them.
Deciding Upon a Target
The first step for a hacker is to decide who their target will be. This can vary depending on what exactly they are trying to obtain, but it can also be quite a wide selection these days. Virtually every business holds large amounts of sensitive organizational and customer data. Depending on the type of data, it can be used for fraud or identity theft, be ransomed back to the company, or sold on the black market.
Combat: Review and fortify security regularly. Also, use intelligence to be forewarned of different types of security threats targeting your organization or industry.
Once the attacker has chosen their target, next comes scoping them out. They will discover all they can about the company in an attempt to locate vulnerabilities or weak points. This step is somewhat interchangeable with the one above, as they may choose their target based on reconnaissance of various businesses.
Combat: Intelligence as above, as well as monitoring to detect any anomalies or probing of networks and systems.
Scanning for Weak Points
Once they have obtained initial recon on the business, they will begin a more in-depth analysis of weak points in the networks or systems. There are common tools on the web that they can use for this step. This can be one of the longer steps, as they may be evaluating weak points for months.
Combat: Regular fortification and backups of networks and systems to discover any potential vulnerabilities. Potentially employ white hat hackers to help locate hidden vulnerabilities.
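The monitoring for probing recommended above can start from firewall deny logs. The following is an added example, not part of the original article: it flags sources that are denied on many distinct host/port pairs within a time window. The log format, field names and thresholds are assumptions, and the sample lines are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in a hypothetical "time ACTION key=value ..." format.
SAMPLE_LOG = """\
2024-05-01T10:00:01 DENY src=203.0.113.7 dst=10.0.0.5 dport=21
2024-05-01T10:00:02 DENY src=203.0.113.7 dst=10.0.0.5 dport=22
2024-05-01T10:00:03 DENY src=203.0.113.7 dst=10.0.0.5 dport=23
2024-05-01T10:00:04 DENY src=203.0.113.7 dst=10.0.0.5 dport=80
2024-05-01T10:00:05 DENY src=203.0.113.7 dst=10.0.0.5 dport=3389
2024-05-01T10:00:06 DENY src=203.0.113.7 dst=10.0.0.5 dport=5900
2024-05-01T10:00:00 DENY src=192.0.2.44 dst=10.0.0.5 dport=21
2024-05-01T10:03:00 DENY src=192.0.2.44 dst=10.0.0.5 dport=22
2024-05-01T10:06:00 DENY src=192.0.2.44 dst=10.0.0.5 dport=23
2024-05-01T10:09:00 DENY src=192.0.2.44 dst=10.0.0.5 dport=445
2024-05-01T10:12:00 DENY src=192.0.2.44 dst=10.0.0.5 dport=3389
2024-05-01T10:01:00 DENY src=198.51.100.20 dst=10.0.0.9 dport=8443
2024-05-01T10:01:05 ALLOW src=198.51.100.20 dst=10.0.0.9 dport=443
"""

def parse(line):
    """Split one log line into (timestamp, action, src, (dst, port))."""
    ts, action, *pairs = line.split()
    f = dict(p.split("=", 1) for p in pairs)
    return datetime.fromisoformat(ts), action, f["src"], (f["dst"], int(f["dport"]))

def find_probers(log_text, window=timedelta(seconds=60), min_targets=5):
    """Map each flagged source to the most distinct denied (dst, port)
    pairs it touched inside any sliding window of the given length."""
    denied = defaultdict(list)
    for line in log_text.splitlines():
        if line.strip():
            ts, action, src, target = parse(line)
            if action == "DENY":
                denied[src].append((ts, target))
    flagged = {}
    for src, events in denied.items():
        events.sort(key=lambda e: e[0])
        start, best = 0, 0
        for end, (ts, _) in enumerate(events):
            while ts - events[start][0] > window:
                start += 1  # drop events that fell out of the window
            best = max(best, len({t for _, t in events[start:end + 1]}))
        if best >= min_targets:
            flagged[src] = best
    return flagged

if __name__ == "__main__":
    print(find_probers(SAMPLE_LOG))                               # fast probing only
    print(find_probers(SAMPLE_LOG, window=timedelta(minutes=15)))  # also the slow one
```

Because this stage can stretch over months, a short window alone misses slow probing; the second call shows the same data evaluated over a longer window.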
Type of Security Threat
At this point, they will decide upon the type of security threat to employ based on discovered vulnerabilities. They may discover a way to steal credentials or assault with brute force attacks. Or they may decide that phishing would be the best method of entry.
Combat: Educate employees on phishing methods, and locate/handle vulnerabilities as above.
Of course, they will then employ the decided method to gain access to the system.
Combat: If the prevention methods above were followed, the attack should be foiled at this point. But one can also use monitoring to discover and prevent attempted attacks.
Whatever their malicious intent, it can take some time to perform tasks, meaning they must be able to maintain access long enough to complete them. While inside, they must be able to avoid discovery or expulsion methods and move data quickly to external storage. This may also include disabling the organization’s access to some of its systems so that it cannot immediately react.
Combat: Have contingency methods in place to expel attacks or shut down systems. Also ensure regular backups so that systems can be shut down in the event of an attack and restored later, especially in the case of ransomware.
Covering Their Tracks
Obviously, hackers do not want to have the attack traced back to them, so they must cover their tracks. They may scrub their trail themselves or employ Trojans or log cleaners to clean up for them.
Combat: React immediately to attacks, and while expelling, gather as much data as possible about the source and method. Also, employ a cyber forensics team to investigate the attack and trace the source. Hackers often leave traces unintentionally, and even the most minimal indicator can potentially lead back to the source.