A targeted cyber attack is launched in multiple stages, and every stage is critical to the success of the attack.
The stages are briefly discussed as follows:
1. Intelligence gathering and threat modeling:
The targeted attack starts with intelligence gathering, in which attackers collect information about the target from different sources, both public and private. Once the information is collected, attackers model the weaknesses associated with the target and build an attack plan to execute the attack in stealth mode.
2. Infecting the target:
In this phase, the attacker's motive is to infect targets so that an additional set of attacks can be initiated. Attackers follow different approaches, such as spear phishing and watering-hole attacks, to coerce users into interacting with malicious e-mails and web sites. The basic idea is to trick users through social engineering so that malicious programs can be installed on the end-user systems.
3. System exploitation:
In this phase, once users have been tricked into opening malicious e-mails or visiting infected web sites on the Internet, the malicious code exploits vulnerabilities (known and unknown) in the application software to install malicious programs on the end-user systems. The installed malware controls various functions of the operating system. Once the system is compromised, the attacker can easily interact with it and send commands remotely to perform unauthorized operations.
4. Data exfiltration:
Data exfiltration is the process of transmitting data in a stealthy manner from a compromised system under the attacker's control. In this phase, attackers steal sensitive data from the end-user systems. Once a system is infected with malware, the attacker has the capability to steal any data, including operating system configuration details, credentials for different application software, etc. Present-day malware is well equipped to perform Man-in-the-Browser (MitB) attacks to monitor, steal and exfiltrate the critical data communicated between the end-user system and the destination server through the browser. For example, MitB attacks are heavily used to conduct banking fraud and to steal information from users that is otherwise not easily available.
5. Maintaining control and network access:
In this phase, the primary motive of the attackers is to gain access to other systems in the network while constantly controlling the end-user system without detection. Attackers use spreading mechanisms such as USB infections, Instant Messenger (IM) infections, etc., to spread malware to additional systems. Other techniques spread infections across the network using protocols such as Remote Procedure Call (RPC), Server Message Block (SMB), Remote Desktop Protocol (RDP), and Hypertext Transfer Protocol (HTTP).
This article was written and published by Meena R, Senior Manager - IT, at Luminis Consulting Services Pvt. Ltd, India.