October 4th, 2021 by Amber Cheatham
Cybercrime is growing faster than you think. One widely cited estimate puts a hacker attack every 39 seconds, with one in three Americans affected each year, and 64 percent of US companies report having experienced web-based attacks such as phishing, denial of service, malicious code and botnets.
All this shows that cybercrime isn't going anywhere. It is here to stay and will grow over time. How you strategize to keep hackers at bay, and how effective an incident response plan you build for the threats you cannot prevent, is critical to business continuity. This is why it is crucial to understand the hacker's timeline and prepare for attacks before they occur.
Ethical hacking follows that same timeline: an authorized tester works through each stage against the organization's own systems, so that the flaws discovered can be fixed before a real attacker finds them.
Here is the timeline attackers follow to breach a network, stage by stage. Take a look:
Stage 1 – Reconnaissance
A smart and skilled hacker does the legwork and researches the target before attacking. Also known as the preparatory phase, reconnaissance is where the hacker gathers information about the target, usually in several passes.
This is when the hacker collects data that can later be turned against the victim: employee names and roles, the company's email address format, old passwords that surfaced in earlier breaches, and details about the network. This collection is called footprinting. It covers the target's domain names and IP address ranges, the TCP and UDP services exposed on them, the technologies in use, and any known weaknesses in those technologies. Footprinting is done by two methods, active and passive.
Active footprinting means the hacker interacts directly with the target, for example by querying its DNS servers or connecting to its web servers; these requests can show up in the target's logs. Passive footprinting uses only indirect sources such as social media, public websites, job postings, and published breach data, and leaves no trace on the target's own systems.
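Passive footprinting in practice, as an added example that is not part of the original post or BTS Technologies' material: the team page, the press-release address and the domain example.com below are all constructed, and the naming-convention list is an assumption about which formats are common. Given a public "Our team" page and a single known-valid address, the code infers the company's email format and produces an address for every employee, which is exactly the target list a phishing or password-spraying campaign starts from, built without ever touching the target's servers.

```python
import re
from html.parser import HTMLParser

# Constructed sample of a public "Our team" page (not a real company).
TEAM_PAGE = """
<html><body>
<h2>Leadership</h2>
<ul>
  <li class="person">Alice Johnson, Chief Technology Officer</li>
  <li class="person">Bob O'Neil, Head of IT</li>
  <li class="person">Carmen Diaz-Lopez, Security Analyst</li>
</ul>
<p>Press contact: press@example.com</p>
</body></html>
"""

# Constructed example of one address seen in a public press release. One
# known-valid address is enough to infer the naming convention for everyone.
KNOWN_ADDRESS = "bob.oneil@example.com"

# Candidate conventions (assumed common formats), as functions of (first, last).
CONVENTIONS = {
    "first.last": lambda f, l: f"{f}.{l}",
    "flast": lambda f, l: f"{f[0]}{l}",
    "firstl": lambda f, l: f"{f}{l[0]}",
    "first": lambda f, l: f,
    "last.first": lambda f, l: f"{l}.{f}",
}


class _PersonExtractor(HTMLParser):
    """Collects the text of every <li class="person"> element."""

    def __init__(self):
        super().__init__()
        self.in_person = False
        self.entries = []

    def handle_starttag(self, tag, attrs):
        if tag == "li" and ("class", "person") in attrs:
            self.in_person = True

    def handle_endtag(self, tag):
        if tag == "li":
            self.in_person = False

    def handle_data(self, data):
        if self.in_person and data.strip():
            self.entries.append(data.strip())


def extract_names(html):
    """Return (first, last, title) tuples harvested from the team page."""
    parser = _PersonExtractor()
    parser.feed(html)
    people = []
    for entry in parser.entries:
        name, _, title = entry.partition(",")
        parts = name.split()
        people.append((parts[0], parts[-1], title.strip()))
    return people


def normalize(part):
    """Lowercase and drop apostrophes/hyphens, which mail systems usually omit."""
    return re.sub(r"[^a-z]", "", part.lower())


def infer_convention(people, known_address):
    """Find the convention under which some harvested name yields the known address."""
    local, _, domain = known_address.partition("@")
    for name, rule in CONVENTIONS.items():
        for first, last, _ in people:
            if rule(normalize(first), normalize(last)) == local:
                return name, domain
    return None, domain


def generate_addresses(html, known_address):
    """Map 'First Last' -> probable mailbox for every person on the page."""
    people = extract_names(html)
    convention, domain = infer_convention(people, known_address)
    if convention is None:
        return {}
    rule = CONVENTIONS[convention]
    return {f"{first} {last}": f"{rule(normalize(first), normalize(last))}@{domain}"
            for first, last, _ in people}
```

Nothing here contacts example.com, which is the point of the passive method: the defender's only visibility is the public data itself, so the practical countermeasure is to keep role-rich staff listings off the public site and to treat the predictable address format as already known to attackers.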
Stage 2 – Scanning
At this stage, the hacker's goal is information that can be turned directly into an attack: the quickest way into the network. The hacker may rely on tools such as war dialers, network mappers, vulnerability scanners, and port scanners, and typically works through these methods:
- Port Scanning: the hacker probes the target for live hosts and open ports, and identifies the services (and often the software versions) listening on them.
- Vulnerability Scanning: the hacker checks the identified services for known vulnerabilities and misconfigurations that are easy to exploit.
- Network Mapping: the hacker works out the network topology, including firewalls, routers, servers, and host details.
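A minimal TCP connect port scanner with banner grabbing, as an added example that is not from the original post or BTS Technologies. So that it runs offline, it starts a constructed local listener that announces a fake SSH banner and also binds (without listening on) a second port that will refuse connections; the 127.0.0.1 target, the banner text and the port window are all assumptions for the demo. Scanning any host you do not own or have written authorization to test is illegal in most jurisdictions.

```python
import socket
import threading
from concurrent.futures import ThreadPoolExecutor


def tcp_connect_scan(host, ports, timeout=0.5, workers=32):
    """Classic TCP connect scan: one full three-way handshake per port.
    Returns the sorted list of ports that accepted the connection."""
    def probe(port):
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            return port if s.connect_ex((host, port)) == 0 else None
    with ThreadPoolExecutor(max_workers=workers) as pool:
        return sorted(p for p in pool.map(probe, ports) if p is not None)


def grab_banner(host, port, timeout=1.0, max_bytes=128):
    """Read whatever the service volunteers on connect (SSH, SMTP and FTP do).
    Returns b'' for services that wait for the client to speak first."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        s.connect((host, port))
        try:
            return s.recv(max_bytes)
        except socket.timeout:
            return b""


def start_fake_service(banner=b"SSH-2.0-OpenSSH_8.9 (constructed banner)\r\n"):
    """Constructed target: a local listener that behaves like a chatty service."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))          # port 0: let the OS pick a free port
    srv.listen(5)
    port = srv.getsockname()[1]

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:             # listener shut down: stop serving
                return
            with conn:
                try:
                    conn.sendall(banner)
                except OSError:         # scanner already hung up; ignore
                    pass

    threading.Thread(target=serve, daemon=True).start()
    return srv, port


def demo():
    """Scan a small window around the fake service plus one guaranteed-closed port."""
    srv, open_port = start_fake_service()
    closed = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    closed.bind(("127.0.0.1", 0))       # bound but never listen()ed: refuses connections
    closed_port = closed.getsockname()[1]
    try:
        targets = sorted(set(range(open_port - 5, open_port + 6)) | {closed_port})
        found = tcp_connect_scan("127.0.0.1", targets)
        banners = {p: grab_banner("127.0.0.1", p) for p in found}
        return open_port, closed_port, found, banners
    finally:
        closed.close()
        try:
            srv.shutdown(socket.SHUT_RDWR)   # wakes the blocked accept() thread
        except OSError:
            pass
        srv.close()


if __name__ == "__main__":
    open_port, closed_port, found, banners = demo()
    print(f"listener on {open_port}, closed port {closed_port}, open ports found: {found}")
    for port, banner in banners.items():
        print(f"  {port}: {banner!r}")
```

Because a connect scan completes the handshake, every probe is a real connection that the target can log, which is why real attackers prefer half-open (SYN) scans and why, on the defending side, a burst of connections to sequential ports from one source is an easy detection to write.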
Stage 3 – Gain Access
Once the scanning is complete, now it is time for action. The hacker breaks into the network using different methods, for example:
- Phishing Attack
- Man In The Middle Attack
- Spoofing Attack
- Session Hijacking
- Business Email Compromise (BEC) Attack
- Buffer Overflow Attack
- DoS Attack
- Brute Force Attack
For example, the hacker selects a phishing attack to gain access. They target the IT department with emails whose From address is forged to show the CTO's real email address. Because the message appears to come from the CTO, staff are more likely to follow its link to a look-alike login page that harvests their usernames and passwords. As a result, the hacker obtains credentials they can use to move on to the next stage of the attack.
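The forged-CTO message above is detectable at the mail gateway even though the From address is genuine, because the envelope sender and the authenticating domain are not. The following check, an added example that is not from the original post or BTS Technologies, parses a constructed spoofed message and a constructed legitimate one; the domains example.com, mail-relay-example.net and example-com-sso.net, and the Authentication-Results header (assumed to be written by the receiving gateway, as RFC 8601 describes) are all assumptions. It applies a simplified DMARC-style alignment test: SPF or DKIM must pass for the From domain itself or a subdomain of it.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed message: From shows the CTO's real address, but the envelope
# sender and the DKIM signing domain belong to the attacker's relay.
SPOOFED_MAIL = """\
Return-Path: <bounce@mail-relay-example.net>
Received: from mail-relay-example.net (203.0.113.10) by mx.example.com
Authentication-Results: mx.example.com;
 spf=pass smtp.mailfrom=bounce@mail-relay-example.net;
 dkim=pass header.d=mail-relay-example.net;
 dmarc=fail header.from=example.com
From: "Alice Johnson (CTO)" <alice.johnson@example.com>
To: it-team@example.com
Subject: Urgent: re-validate your VPN credentials today
Content-Type: text/plain

Please sign in at https://example-com-sso.net/login to keep your access.
"""

# Constructed legitimate message from the same sender for comparison.
LEGIT_MAIL = """\
Return-Path: <alice.johnson@example.com>
Authentication-Results: mx.example.com;
 spf=pass smtp.mailfrom=alice.johnson@example.com;
 dkim=pass header.d=example.com;
 dmarc=pass header.from=example.com
From: "Alice Johnson (CTO)" <alice.johnson@example.com>
To: it-team@example.com
Subject: Tuesday planning

See you at 10.
"""


def _domain(header_value):
    """Domain part of the first address in a header, lowercased."""
    return parseaddr(header_value)[1].rpartition("@")[2].lower()


def _aligned(auth_domain, from_domain):
    """Relaxed DMARC-style alignment: identical, or a subdomain of the From domain."""
    return auth_domain == from_domain or auth_domain.endswith("." + from_domain)


def assess(raw):
    """Return a verdict dict for one raw RFC 5322 message."""
    msg = message_from_string(raw)
    from_domain = _domain(msg.get("From", ""))
    envelope_domain = _domain(msg.get("Return-Path", ""))
    auth = " ".join(msg.get_all("Authentication-Results", []))

    # Authentication-Results fields: the value after smtp.mailfrom may be a
    # full address, header.d is always a domain.
    spf = re.search(r"spf=(\w+)\s+smtp\.mailfrom=([^\s;]+)", auth)
    dkim = re.search(r"dkim=(\w+)\s+header\.d=([^\s;]+)", auth)
    spf_domain = spf.group(2).rpartition("@")[2].lower() if spf else ""
    dkim_domain = dkim.group(2).lower() if dkim else ""
    spf_ok = bool(spf and spf.group(1) == "pass" and _aligned(spf_domain, from_domain))
    dkim_ok = bool(dkim and dkim.group(1) == "pass" and _aligned(dkim_domain, from_domain))

    findings = []
    if envelope_domain != from_domain:
        findings.append(f"envelope sender {envelope_domain} differs from From: {from_domain}")
    if not (spf_ok or dkim_ok):
        findings.append("neither SPF nor DKIM passed for a domain aligned with From:")
    return {"from_domain": from_domain, "spf_aligned": spf_ok, "dkim_aligned": dkim_ok,
            "suspicious": bool(findings), "findings": findings}
```

The spoofed message passes SPF and DKIM, which is a common trick: the attacker's own relay is correctly configured, so only the alignment check against the visible From domain catches it. Publishing a DMARC record with p=reject for your domain makes receiving gateways perform this check for you.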
Once hackers have gained access, they want to keep it for future exploitation and further attacks. Hence, they take measures to maintain access.
Stage 4 – Maintain Access
With credentials for several accounts in hand, the hacker tests which of them work against the domain. They create a new administrator account for themselves, named to blend in with existing ones. They also search for accounts that have not been used for a long time, such as those of departed staff or contractors.
They reset the passwords of those dormant accounts and elevate them to administrator as a secondary foothold, so that losing one account does not cost them access to the network. To widen their reach, they may also send phishing emails from the compromised accounts to other users, who are more likely to trust an internal sender.
With access to an IT account, the hacker copies all emails, contacts, appointments, instant messages, and files, so that what they have collected survives even if the account is later locked.
Persistence is also what later, noisier actions depend on, whether that is deploying ransomware to encrypt and bring down the whole network or exfiltrating data in bulk. The hacker keeps targeting further devices and accounts to reach mission-critical and sensitive data, and sets up persistence mechanisms that let them re-enter the network at will and distribute malware. In the worst case they end up destroying the network.
Stage 5 – Clear Tracks
No hacker wants to leave footprints behind. Therefore, they try to remove all the evidence they can so that their actions cannot be traced. To do so they:
- Clear browser cookies and cache on the systems they used
- Modify registry values they changed or added
- Modify, delete, or corrupt log entries
- Delete the phishing emails they sent and any replies
- Close the ports and services they opened
- Uninstall the tools and applications they used
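Stages 4 and 5 leave a characteristic trail in the Windows Security log: a new account that is made an administrator within minutes of its creation, password resets on accounts nobody has used for months, and the audit log itself being cleared. The rules below, an added example that is not from the original post or BTS Technologies, run over a constructed list of events using the standard event IDs (4720 user account created, 4732 member added to a local group, 4724 password reset attempted, 4624 successful logon, 1102 audit log cleared); the account names, timestamps, the last-logon inventory and the 10-minute and 90-day thresholds are assumptions for the demo.

```python
from datetime import datetime, timedelta

# Constructed Windows Security events, reduced to the fields the rules need.
# Times are ISO 8601; event IDs are the standard Windows ones listed above.
EVENTS = [
    {"time": "2021-10-01T09:00:00", "id": 4624, "subject": "svc-helpdesk", "target": "svc-helpdesk"},
    {"time": "2021-10-01T09:01:10", "id": 4720, "subject": "svc-helpdesk", "target": "sysadm2"},
    {"time": "2021-10-01T09:01:45", "id": 4732, "subject": "svc-helpdesk", "target": "sysadm2",
     "group": "Administrators"},
    {"time": "2021-10-01T09:05:00", "id": 4724, "subject": "sysadm2", "target": "jsmith"},
    {"time": "2021-10-01T09:05:30", "id": 4724, "subject": "sysadm2", "target": "old-contractor"},
    {"time": "2021-10-01T09:06:00", "id": 4732, "subject": "sysadm2", "target": "old-contractor",
     "group": "Administrators"},
    {"time": "2021-10-01T23:58:00", "id": 1102, "subject": "sysadm2", "target": "Security"},
]

# Constructed directory inventory: last interactive logon per existing account.
LAST_LOGON = {
    "svc-helpdesk": "2021-09-30T17:00:00",
    "jsmith": "2021-09-30T16:30:00",
    "old-contractor": "2021-04-12T11:20:00",
}


def _t(stamp):
    return datetime.fromisoformat(stamp)


def detect(events, last_logon, admin_window=timedelta(minutes=10), dormant_days=90):
    """Return (rule, actor, target) findings in chronological order."""
    dormant = timedelta(days=dormant_days)
    findings = []
    created = {}   # account -> (creation time, creator)

    for e in sorted(events, key=lambda ev: ev["time"]):
        t = _t(e["time"])
        target = e["target"]

        if e["id"] == 4720:
            created[target] = (t, e["subject"])

        elif e["id"] == 4732 and e.get("group") == "Administrators":
            if target in created and t - created[target][0] <= admin_window:
                # Account created and promoted in one short burst: classic foothold.
                findings.append(("new-account-to-admin", e["subject"], target))
            elif target in last_logon and t - _t(last_logon[target]) > dormant:
                # A long-unused account suddenly becoming an administrator.
                findings.append(("dormant-account-to-admin", e["subject"], target))

        elif e["id"] == 4724:
            last = last_logon.get(target)
            if last and t - _t(last) > dormant:
                # Password reset on an account nobody has used in months.
                findings.append(("dormant-account-password-reset", e["subject"], target))

        elif e["id"] == 1102:
            # Clearing the audit log is itself the loudest possible signal.
            findings.append(("audit-log-cleared", e["subject"], target))

    return findings


if __name__ == "__main__":
    for rule, actor, target in detect(EVENTS, LAST_LOGON):
        print(f"{rule:32} actor={actor:14} target={target}")
```

Every one of these rules only works if the events have already left the host: an attacker who clears the local Security log after the fact (event 1102) destroys the evidence on that machine, so forward logs to a collector the compromised accounts cannot write to, and alert on 1102 itself rather than treating it as housekeeping.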
Prevention is better than cure. Although no business is 100 percent safe from cyber attacks, you can mitigate and minimize the risk, preventing costly downtime and damage to your business. Therefore, consider protecting your network and systems from potential cybercrime and attacks. Contact BTS Technologies. We can provide you with the best security solutions to keep your business landscape protected and safe from hackers.