Anatomy of a Cyberattack

August 29, 2018 By Victor M. Font Jr.

A cyberattack is any attempt to expose, alter, disable, destroy, steal or gain unauthorized access to or make unauthorized use of an asset by hacking into a susceptible system.

Cyberattacks are offensive maneuvers that target computer information systems, infrastructures, computer networks, or personal computer devices. They can be carried out by nation-states, individuals, groups, society, or organizations, and they may originate from anonymous sources.

Cyberattacks are conducted as cybercampaigns, cyberwarfare, or cyberterrorism depending on the context. Cyberattacks can vary in scope and range from installing spyware on a single personal computer to attempting to destroy the infrastructure of an entire nation. Cyberattacks have become increasingly sophisticated and dangerous.

Cyberwarfare utilizes techniques of defending and attacking information and computer networks that inhabit cyberspace, often through a prolonged cybercampaign or series of related campaigns. It denies an opponent’s ability to do the same, while employing technological instruments of war to attack an opponent's critical computer systems.

Cyberterrorism is “the use of computer network tools to shut down critical national infrastructures (such as energy, transportation, government operations) or to coerce or intimidate a government or civilian population”.¹

The end result of both cyberwarfare and cyberterrorism is the same—to damage critical infrastructures and computer systems linked together within the confines of cyberspace.

Battle Maneuvers

Just as soldiers conduct certain strategies during a conflict, cybercriminals employ battle tactics and stratagems as well. They will do anything necessary to gain tactical or strategic advantage by accessing a system once they decide it will be profitable, challenging, or fun for them to do so. Battle tactics include:

Image: Soldier reconnoitering the enemy (CC0 license, pixabay.com)
  1. Reconnaissance: Cybercriminals reconnoiter their victims and plan their attacks. They research, identify, and select targets by phishing, harvesting email addresses, engaging in social engineering, and other sneaky tactics. They also use various tools to scan and exploit network vulnerabilities, services, and applications.

  2. Weaponization and Payload Delivery: Next, the attackers choose their weapon (malware payload) and the delivery vehicle:

    1. A drive-by download delivers an exploit or advanced malware covertly, usually by taking advantage of a vulnerability in a web browser, operating system, or third-party application

  3. Exploitation: An attacker generally has two options for exploitation:

    1. Social engineering (as previously discussed), and

    2. Software exploits—a more sophisticated technique that essentially tricks the web browser, operating system, or other third-party software into executing an attacker's code.

    Exploits have become an efficient and stealthy method to deliver advanced malware to infiltrate a network or system because they can be hidden in legitimate files. Once the exploitation has succeeded, an advanced malware payload can be installed.

  4. Installation: After a targeted endpoint is infiltrated, the attacker needs to ensure survivability. Various types of advanced malware are used for resilience or persistence, including:

    1. Rootkits provide privileged root-level access to a computer

    2. Bootkits are kernel-mode variants of rootkits, ordinarily used to attack computers that are protected by full-disk encryption.

    3. Backdoors are often installed as a failover to enable an attacker to bypass normal authentication procedures in order to gain access to a compromised system in case the primary payload is detected and removed from the system.

    4. Anti-AV software disables any legitimately installed antivirus software on the compromised endpoint. This prevents the automatic detection and removal of malware. Many anti-AV programs infect the master boot record (MBR) of the target endpoint.

  5. Command and Control (CnC): Communication is the lifeblood of a successful attack. Attackers must maintain communications with infected systems in order to exercise command and control and to retrieve data stolen from a target system or network.

    CnC communications are clandestine: they must not raise any suspicion on the network. Such traffic is usually obfuscated or hidden using techniques that include:

    1. Encryption with SSL, SSH, or some other custom application or proprietary scheme. BitTorrent, known for its proprietary encryption, is a favorite channel both for delivering infections and for CnC.

    2. Circumvention via proxies, remote access tools, or by tunneling, which is a communications protocol that allows for the secure movement of data from one network to another through a process called encapsulation.

    3. Port evasion using network anonymizers or port hopping to tunnel over open or nonstandard ports.

    4. Fast flux (dynamic DNS) to proxy through multiple infected hosts, reroute traffic, and make it extremely difficult for forensic teams to figure out where traffic is really going.

  6. Playing the Long Game: As we previously learned, attackers have many different motives for their actions. Attacks can often last months or even years, particularly when the objective is data theft; there the attacker plays the long game, using a low-and-slow, under-the-radar strategy to avoid detection.
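As an added example that is not part of the original article, the following Python heuristic targets the fast-flux pattern described under Command and Control: it parses constructed resolver log lines and reports domains whose answers churn across many addresses and network prefixes with short TTLs. The log format, the thresholds, and the domain names are assumptions made for this illustration.

```python
"""Fast-flux triage heuristic over constructed DNS resolver log lines."""
import statistics
from collections import defaultdict

# Constructed sample, one answer per line: "epoch domain answer_ip ttl".
# cdn.example.net behaves like a stable host; upd.flux-example.test churns.
SAMPLE_LOG = """\
1535500000 cdn.example.net 203.0.113.10 3600
1535500300 cdn.example.net 203.0.113.10 3600
1535500600 cdn.example.net 203.0.113.11 3600
1535500000 upd.flux-example.test 198.51.100.5 60
1535500060 upd.flux-example.test 192.0.2.77 45
1535500120 upd.flux-example.test 198.51.100.200 60
1535500180 upd.flux-example.test 192.0.2.14 30
1535500240 upd.flux-example.test 203.0.113.99 60
1535500300 upd.flux-example.test 198.51.100.33 45
"""

def parse_log(text):
    """Return {domain: [(timestamp, ip, ttl), ...]}, skipping malformed lines."""
    records = defaultdict(list)
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        ts, domain, ip, ttl = parts
        try:
            records[domain].append((int(ts), ip, int(ttl)))
        except ValueError:
            continue
    return records

def flux_score(entries):
    """Summarise answer churn: distinct IPs, distinct /24-style prefixes, median TTL."""
    ips = {ip for _, ip, _ in entries}
    prefixes = {ip.rsplit(".", 1)[0] for ip in ips}  # IPv4 only in this sample
    median_ttl = statistics.median(ttl for _, _, ttl in entries)
    return {"unique_ips": len(ips), "prefixes": len(prefixes), "median_ttl": median_ttl}

def suspicious_domains(text, min_ips=4, min_prefixes=3, max_ttl=300):
    """Flag domains that rotate across many addresses and prefixes with short TTLs."""
    flagged = {}
    for domain, entries in parse_log(text).items():
        score = flux_score(entries)
        if (score["unique_ips"] >= min_ips and score["prefixes"] >= min_prefixes
                and score["median_ttl"] <= max_ttl):
            flagged[domain] = score
    return flagged

if __name__ == "__main__":
    for domain, score in suspicious_domains(SAMPLE_LOG).items():
        print(f"possible fast flux: {domain} {score}")
```

Legitimate CDNs and load balancers also rotate addresses with low TTLs, so a hit is a triage lead to correlate with other CnC indicators (beaconing intervals, unusual ports, new destinations) rather than a verdict.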

To learn more, download our free Cybersecurity eBook.

¹ Lewis, James. Assessing the Risks of Cyber Terrorism, Cyber War and Other Cyber Threats. Center for Strategic and International Studies, Washington, D.C., 2002.

About Victor M. Font Jr.

Victor M. Font Jr. is an award-winning author, entrepreneur, and Senior IT Executive. A Founding Board Member of the North Carolina Executive Roundtable, he has served on the Board of Advisors of the North Carolina Technology Association, the International Institute of Business Analysis, the Association of Information Technology Professionals, Toastmasters International, and the North Carolina Commission for Mental Health, Developmental Disabilities, and Substance Abuse Services. He is the author of several books, including The Ultimate Guide to the SDLC, Winning With WordPress Basics, and Cybersecurity.
