Anatomy of a Cyber Attack

What is a Cyber Attack?
To know how to prevent cyber attacks, you need to know how they work. The following seven steps describe a typical cyber attack:

1) The cyber criminal, or hacker, gains entry through a phishing email, a network vulnerability, a downloaded file, an attachment to a social media post, a trojan horse website, or an application bug, and installs malware on your computer or network. That computer is now compromised, and every other device it can reach on your network is at risk.

2) The malware then probes for further network access and vulnerabilities, and contacts its command and control (C2) server to receive instructions and/or additional malicious code.

3) The malware typically establishes additional entry points (persistence) so that the attack can continue if its original point of entry is discovered and closed.

4) Once the hacker has established network access, he or she begins gathering data such as account names, logins and passwords (often in the form of password hashes). Once the hacker cracks the passwords, he or she can identify, access and control data and individual accounts.

5) The collected data and account profiles are gathered on a staging server, then transferred out of your network (exfiltrated). A data breach is now under way without your knowledge.

6) The hacker often does not use this data or your account information directly: your information is posted for sale on the dark web and bought by criminals who may wait months or years before raiding your accounts or stealing your identity. (They often use bots to monitor your situation so they can strike at the moment of greatest gain.)

7) After the initial intrusion, evidence of the attack is removed from your computer or network, but the equipment is still compromised and the hacker can return at any time to continue the data breach.
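Step 2 above, the regular check-in with a command and control server, is one of the few points in this sequence that a defender can actually measure from the outside. The script below is an added example written for this lesson; it is not code from the course or from any product. It reads constructed outbound-connection records (the layout "timestamp source destination" is an assumption chosen for illustration) and flags source/destination pairs that connect a minimum number of times at nearly constant intervals, the "beaconing" pattern of malware polling its C2 server. The thresholds are assumptions to tune for a real network.

```python
"""Flag hosts that 'beacon' to one destination at near-constant intervals.

Added example for this lesson, not from any product. Log layout and
thresholds are assumptions chosen for illustration.
"""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed records: "<ISO timestamp> <source ip> <destination ip:port>".
# 10.0.0.12 polls 203.0.113.7 every five minutes; 10.0.0.15 browses normally.
SAMPLE_LOG = """\
2024-03-01T09:00:00 10.0.0.12 203.0.113.7:443
2024-03-01T09:00:31 10.0.0.12 198.51.100.20:443
2024-03-01T09:02:10 10.0.0.15 198.51.100.20:443
2024-03-01T09:05:00 10.0.0.12 203.0.113.7:443
2024-03-01T09:10:00 10.0.0.12 203.0.113.7:443
2024-03-01T09:15:01 10.0.0.12 203.0.113.7:443
2024-03-01T09:17:45 10.0.0.15 198.51.100.20:443
2024-03-01T09:18:03 10.0.0.15 198.51.100.20:443
2024-03-01T09:20:00 10.0.0.12 203.0.113.7:443
2024-03-01T09:25:00 10.0.0.12 203.0.113.7:443
2024-03-01T10:40:12 10.0.0.15 198.51.100.20:443
"""


def parse_log(text):
    """Group connection times by (source, destination), sorted by time."""
    flows = defaultdict(list)
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 3:
            continue  # ignore malformed lines instead of aborting the scan
        ts, src, dst = fields
        flows[(src, dst)].append(datetime.fromisoformat(ts))
    for times in flows.values():
        times.sort()
    return flows


def find_beacons(flows, min_connections=5, max_jitter=0.10):
    """Return flows with at least min_connections whose gaps vary little.

    jitter is the coefficient of variation (stdev / mean) of the gaps
    between successive connections: a person browsing produces large
    jitter, a timer-driven implant produces values near zero.
    """
    beacons = []
    for (src, dst), times in flows.items():
        if len(times) < min_connections:
            continue
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        if avg <= 0:
            continue  # duplicate timestamps: nothing to measure
        jitter = pstdev(gaps) / avg
        if jitter <= max_jitter:
            beacons.append({
                "src": src,
                "dst": dst,
                "count": len(times),
                "interval_s": round(avg, 1),
                "jitter": round(jitter, 3),
            })
    return beacons


if __name__ == "__main__":
    for hit in find_beacons(parse_log(SAMPLE_LOG)):
        print(f"{hit['src']} -> {hit['dst']}: {hit['count']} connections "
              f"every {hit['interval_s']}s (jitter {hit['jitter']})")
```

On the constructed records only the 10.0.0.12 to 203.0.113.7 flow is reported: six connections, 300 seconds apart, with a jitter of about 0.002. The second host talks to the same web service several times but at irregular intervals, so it is not flagged. Real implants add deliberate random delay to defeat exactly this check, which is why the jitter threshold is a parameter rather than a constant.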

This flow chart shows the time and patience a typical hacker puts into a cyber attack on a company:

[Figure: anatomy-of-ca]

Contrary to widespread belief, cyber attacks do not necessarily happen quickly. Here is a graphic that shows the planning and execution of a sustained breach on a company:

[Figure: sustainedbreach]

As evidence of the time frame of a sustained breach, this chart shows the actual time periods of three of the best-known medical breaches of the past few years:

[Figure: breachtimeframe]

So, as you can see, you or your company may be in the middle of a breach as you read this. In this course we will show you the warning signs that something is happening to your data or your equipment as you conduct your day-to-day operations.

Detecting a Cyber Attack:
Anti-virus and firewall programs can both detect and prevent cyber attacks; however, some attacks use social engineering or get past those defenses, and then produce noticeable symptoms on your system. Large-scale cyber attacks can bring down websites, local networks and even major Internet infrastructure. According to Forbes and PC World, a large-scale attack on the servers of the anti-spam blocklist organization Spamhaus in 2013 slowed Internet access to many sites around the world.

DoS and DDoS Attacks
Denial of service (DoS) and distributed denial of service (DDoS) attacks are common forms of cyber attack that take down individual sites and networks. The symptoms of a DoS or DDoS attack include incredibly slow Internet access, slow local network access and unreachable websites. DoS and DDoS attacks work by overloading a system with requests: systems are designed to respond to what they perceive as legitimate requests, so the target exhausts its capacity trying to serve an overwhelming number of bogus ones. A DoS attack comes from one deliberately configured source, whereas a DDoS attack uses many hijacked computers (a botnet) to multiply the number of bogus requests and to make the traffic much harder to block by source.
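Seen from the server, the difference between the two is visible in the access log: a DoS flood comes from one address, a DDoS flood is the same volume spread across many. The script below is an added example written for this lesson, not code from the course or from any web server. It parses constructed Apache/nginx-style log lines, counts requests per client in fixed ten-second windows, and labels a window as DoS when a single client accounts for nearly all of it or DDoS when the excess is spread over many clients. All thresholds are assumptions to tune per site.

```python
"""Spot request floods in a web server access log and tell a single-source
DoS from a distributed one.

Added example for this lesson, not from any server or product. Log lines
are constructed in Apache/nginx 'combined' style; every threshold below is
an assumption to tune per site.
"""
from collections import Counter, defaultdict
from datetime import datetime, timedelta, timezone
import re

# client - - [time] "request" status bytes ... (referrer and agent ignored)
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "([^"]*)" (\d{3}) (\d+|-)')
TIME_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_access_log(lines):
    """Yield (client_ip, datetime) for each well-formed line."""
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # hostile or truncated lines must not crash the scanner
        yield m.group(1), datetime.strptime(m.group(2), TIME_FMT)


def bucket_requests(records, window_s=10):
    """Count requests per client in fixed windows: {window_start: Counter}."""
    buckets = defaultdict(Counter)
    for ip, ts in records:
        start = int(ts.timestamp()) // window_s * window_s
        buckets[start][ip] += 1
    return buckets


def classify_flood(buckets, per_window_limit=100, per_client_limit=20,
                   distributed_sources=5):
    """Return (window_start, kind, total, distinct_clients, heavy_hitters)
    for each window whose total reaches per_window_limit."""
    findings = []
    for start in sorted(buckets):
        counts = buckets[start]
        total = sum(counts.values())
        if total < per_window_limit:
            continue
        heavy = [ip for ip, n in counts.items() if n >= per_client_limit]
        if len(heavy) == 1 and counts[heavy[0]] >= 0.8 * total:
            kind = "DoS"    # one source accounts for nearly all the traffic
        elif len(counts) >= distributed_sources:
            kind = "DDoS"   # many sources, none dominant: blocking one IP won't help
        else:
            kind = "flood"
        findings.append((start, kind, total, len(counts), heavy))
    return findings


def make_sample_log():
    """Constructed log: normal traffic, then a single-source flood, then a
    distributed flood of the same size spread over thirty clients."""
    base = datetime(2024, 10, 10, 13, 55, 0, tzinfo=timezone.utc)

    def line(ip, t, path="/index.html"):
        return (f'{ip} - - [{t.strftime(TIME_FMT)}] '
                f'"GET {path} HTTP/1.1" 200 512 "-" "Mozilla/5.0"')

    lines = []
    for i in range(5):                      # window 0: 5 clients x 3 requests
        for k in range(3):
            lines.append(line(f"192.0.2.{i + 1}", base + timedelta(seconds=k)))
    for k in range(150):                    # window 1: one client, 150 requests
        lines.append(line("198.51.100.99",
                          base + timedelta(seconds=10 + k % 10), "/search?q=a"))
    for i in range(30):                     # window 2: 30 clients x 5 requests
        for k in range(5):
            lines.append(line(f"203.0.113.{i + 1}",
                              base + timedelta(seconds=20 + k)))
    lines.append("not an access log line at all")
    return lines


if __name__ == "__main__":
    log = make_sample_log()
    for start, kind, total, clients, heavy in classify_flood(
            bucket_requests(parse_access_log(log))):
        when = datetime.fromtimestamp(start, timezone.utc).strftime("%H:%M:%S")
        print(f"{when}: {kind} - {total} requests from {clients} clients; "
              f"heavy hitters: {heavy or 'none'}")
```

The quiet first window is ignored; the second is labelled DoS with one heavy hitter, and the third DDoS with thirty clients and no heavy hitter, even though both carry the same 150 requests. That is the practical lesson: a per-IP rate limit stops the first case and does nothing against the second.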

Malware Attacks
Malware attacks target and disrupt individual systems; viruses, one type of malware, use the infected system to replicate and spread. Actively running anti-virus software can detect many malware attacks automatically, and malware that gets past it may still show symptoms a user can notice: a computer that runs slower than it should, hangs at seemingly random intervals, produces pop-up windows, or crashes periodically. You may be under a malware attack if your computer’s general behavior changes.

Socially Engineered Attacks
Some cyber attackers try to trick you into handing over private information through misdirection; socially engineered attacks need no malicious software at all. Phishing is a socially engineered attack that tricks you into entering personal information such as social security numbers, credit card numbers and account passwords: an email that claims to come from a legitimate service contains a link that leads to a fake reproduction of the real site. For example, a phishing login page looks like your bank’s normal login page, but when you enter your password it sends the account details to the scammer.
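The trick in that email is almost always visible in the link itself: the text you see names the bank, while the address the link actually opens belongs to someone else. The script below is an added example written for this lesson, not code from the course or from any mail client. It parses the anchors in a constructed HTML email, compares the visible text with the real host of each href, and reports the classic deceptions: a trusted name used as a subdomain of an unrelated domain, a "user@host" prefix that makes the real host look like a path, a raw IP address, and a punycode host built from look-alike characters. The email body, the trusted-domain list and examplebank.com are all constructed.

```python
"""Check the links in an HTML e-mail for the mismatch phishing relies on:
the visible text names your bank, the href goes somewhere else.

Added example for this lesson, not from any mail product. The e-mail body,
the trusted-domain list and examplebank.com are all constructed.
"""
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = ["examplebank.com"]   # assumed: domains the user legitimately uses

# Constructed phishing e-mail: one honest link among three deceptive ones.
SAMPLE_EMAIL = """
<p>Dear customer, your account has been locked. Please verify it:</p>
<a href="https://examplebank.com.login-verify.net/secure">https://examplebank.com/login</a><br>
<a href="http://examplebank.com@203.0.113.5/">Update your details</a><br>
<a href="https://examplebank.com/help">Help center</a><br>
<a href="https://xn--examplebnk-y5a.com/">examplebank.com</a>
"""


class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registered_domain(host):
    """Last two labels of a host name (crude; real code should use the
    public suffix list so that names like bank.co.uk are handled)."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def host_of(url):
    """Host name from a URL, '' if there is none."""
    return (urlsplit(url).hostname or "").lower()


def check_link(href, text, trusted=TRUSTED):
    """Return the reasons a link looks deceptive; an empty list means none."""
    reasons = []
    parts = urlsplit(href)
    host = (parts.hostname or "").lower()
    if not host:
        return reasons
    if parts.username is not None:
        reasons.append("user@host trick: real host is " + host)
    if host.startswith("xn--") or ".xn--" in host:
        reasons.append("punycode host name (look-alike characters)")
    if host.replace(".", "").isdigit():
        reasons.append("link goes to a raw IP address")
    # What the reader sees: a URL in the text, or plain words
    shown = host_of(text) if "://" in text else text.lower()
    for t in trusted:
        if t in shown and registered_domain(host) != t:
            reasons.append(f"text shows {t} but link goes to {host}")
        elif t in host and registered_domain(host) != t:
            reasons.append(f"{t} used as a subdomain of {registered_domain(host)}")
    return reasons


def scan_email(html, trusted=TRUSTED):
    """Return [(href, text, reasons)] for every link that raises a reason."""
    collector = LinkCollector()
    collector.feed(html)
    findings = []
    for href, text in collector.links:
        reasons = check_link(href, text, trusted)
        if reasons:
            findings.append((href, text, reasons))
    return findings


if __name__ == "__main__":
    for href, text, reasons in scan_email(SAMPLE_EMAIL):
        print(f"{text!r} -> {href}")
        for r in reasons:
            print("   ", r)
```

Only the "Help center" link, whose host really is examplebank.com, passes. The check is deliberately conservative: it judges the registered domain of the real host, not whether the trusted name appears anywhere in the URL, because "appears somewhere" is exactly what the attacker arranges.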

You can’t do much to prevent the services you use from being attacked, but you can protect your own network and computers, which will be reviewed in detail in coming lessons. Keeping firewall and anti-virus software up to date provides a good first line of defense: these programs can detect and flag attacks. If your network shares an Internet connection through a router, a router with a built-in firewall can block many attacks before they reach your computers. Socially engineered attacks can be avoided by typing site URLs in manually instead of clicking links whenever a service asks for personal information.