Phase 1: Reconnaissance
This is the observation stage, where the attacker gathers information on their target and develops tactics for the attack. They can use automated scanners to find vulnerabilities they may be able to exploit. They will try to identify a point of entry by investigating the security systems in place, including firewalls, endpoint protection, and authentication mechanisms.
Phase 2: Weaponization
Once they have gathered enough information and identified a vulnerability or point of entry, they will start looking at the appropriate attack vectors for gaining entry to your system or network. This could be as simple as using weak or stolen credentials, or it could involve developing malware to exploit the identified vulnerabilities.
Phase 3: Delivery
This is the most crucial stage, where the intruder launches the attack. The specific steps taken will depend on the type of attack they intend to carry out. For example, the attacker may send email attachments or a malicious link to prompt the user action that advances the plan. This may be combined with social engineering techniques to increase the effectiveness of the campaign. The cyber awareness of the victim at this stage may well determine whether or not the attack is successful.
Phase 4: Exploitation
Now that the payload is on the network, the malicious actor is set up to make their move by exploiting a vulnerability. Weaknesses they could exploit include missing input validation, insufficient logging, database connections that are never closed, or the use of obsolete or deprecated methods.
Phase 5: Installation
The malware installs a backdoor or remote access trojan that gives the intruder access to the system.
Phase 6: Command & Control
If a hacker sees the opportunity for future attacks, their next move is to install a backdoor for consistent access to the target’s systems. This way they can move in and out of the target’s network without running the risk of detection that re-entering through other attack vectors would carry. Take the HSE attack here in Ireland, for example: the attackers had access to its systems for 8 weeks before they launched the ransomware attack that crippled them.
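The "consistent access" of this phase is often what gives the intruder away: an implant that checks in with its controller on a timer produces outbound connections with unusually regular intervals. As an added illustration (not part of the original article), the Python below scores each source/destination pair in a constructed connection log by the regularity of its connection gaps; the log format, addresses and thresholds are all assumptions for the example.

```python
import statistics
from collections import defaultdict
from datetime import datetime

# Constructed sample log (hypothetical format): "<ISO timestamp> <src> <dst:port>".
# The 203.0.113.7 pair checks in roughly every 300 s; the others are ordinary traffic.
SAMPLE_LOG = """\
2021-03-18T08:00:00 10.0.0.5 203.0.113.7:443
2021-03-18T08:00:00 10.0.0.9 198.51.100.20:443
2021-03-18T08:00:07 10.0.0.9 198.51.100.20:443
2021-03-18T08:03:40 10.0.0.9 198.51.100.20:443
2021-03-18T08:05:02 10.0.0.5 203.0.113.7:443
2021-03-18T08:09:59 10.0.0.5 203.0.113.7:443
2021-03-18T08:12:30 10.0.0.5 192.0.2.44:80
2021-03-18T08:15:01 10.0.0.5 203.0.113.7:443
2021-03-18T08:20:00 10.0.0.5 203.0.113.7:443
2021-03-18T08:24:58 10.0.0.5 203.0.113.7:443
2021-03-18T08:31:15 10.0.0.9 198.51.100.20:443
2021-03-18T09:12:02 10.0.0.9 198.51.100.20:443
2021-03-18T09:12:09 10.0.0.9 198.51.100.20:443
2021-03-18T09:40:11 10.0.0.5 192.0.2.44:80
"""


def parse_log(text):
    """Group connection timestamps by (src, dst) pair."""
    events = defaultdict(list)
    for line in text.splitlines():
        ts, src, dst = line.split()
        events[(src, dst)].append(datetime.fromisoformat(ts))
    return events


def find_beacons(events, min_connections=5, max_jitter=0.2):
    """Return {(src, dst): mean_gap_seconds} for pairs whose gaps are suspiciously regular.

    Regularity is measured as the coefficient of variation (stdev / mean) of the
    inter-connection gaps; timer-driven check-ins score close to 0, human browsing does not.
    """
    suspects = {}
    for pair, times in events.items():
        if len(times) < min_connections:  # too few samples to judge regularity
            continue
        times = sorted(times)
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        mean = statistics.mean(gaps)
        if mean == 0:
            continue
        if statistics.pstdev(gaps) / mean <= max_jitter:
            suspects[pair] = round(mean)
    return suspects


if __name__ == "__main__":
    for pair, period in find_beacons(parse_log(SAMPLE_LOG)).items():
        print(f"possible beacon {pair[0]} -> {pair[1]} every ~{period}s")
```

Real implants add random sleep jitter and many legitimate agents poll on timers too, so a hit is a lead for the analyst to correlate with the Installation phase above, not a verdict.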
Phase 7: Actions on Objectives
The intruder carries out their end-goal actions, such as data theft, data corruption, or data destruction.