Anatomy of a Cyber Attack

What is a Cyber Attack?
To know how to prevent cyber attacks, you need to know how they work. The following seven steps describe a typical cyber attack:

1) The cyber criminal, or hacker, gains entry through an email, a network vulnerability, downloaded file, attachment to a social media post, trojan horse website, or application bug, and inserts malware into your computer or network. Your computer, and possibly all other connected devices on your network, are now compromised.

2) The malware now probes for additional network access, vulnerabilities, or communicates with command and control websites to receive additional instructions and/or malicious code.

3) The malware typically establishes additional entry points to ensure that the cyber attack can continue if its original point of entry is discovered and closed.

4) Once the hacker has established network access, he/she begins to gather data, such as account names, logins and passwords. Once the hacker cracks the passwords, he/she can identify, access, and control data or individual accounts.

5) Data and your account profiles are collected on a staging server, then the data is stolen. A data breach is now occurring without your knowledge.

6) The hacker often does not use this data or your account information personally. Instead, your information will be posted for sale on the deep web and purchased by criminals who may wait months or years to raid your accounts or steal your identity. (They often will have “bots” that monitor your situation so they can strike at the right time to receive the most gain.)

7) After the initial hack, evidence of the cyber attack is removed from your computer/network, but your equipment is still compromised and the hacker can return at any time to continue the data breach. 

This flow chart shows the time and patience that is put into a Cyber Attack on a company by a typical hacker.

[Figure: flow chart of a cyber attack]

Contrary to widespread belief, cyber attacks do not necessarily occur quickly. Here is a graphic that shows the planning and execution of a sustained breach on a company:

[Figure: planning and execution of a sustained breach]

As evidence of the time frame of a sustained breach, this chart shows the actual time periods of 3 of the best-known medical breaches of the past couple of years.

[Figure: time frames of 3 medical breaches]

So, as you can see, you or your company may be caught in a breach as you are reading this. In this course we will show you warning signs that something is happening to your data or your equipment as you conduct your day-to-day operations.

Some of the more popular cyber criminal tactics that will be covered in this course:

Baiting – Someone gives you a USB drive or other electronic media that is preloaded with malware in the hope you will use the device and enable them to hack your computer.  Do not use any electronic storage device unless you know its origin is legitimate and safe. Scan all electronic media for viruses before use.

Click-jacking – Concealing hyperlinks beneath legitimate clickable content which, when clicked, causes a user to unknowingly perform actions, such as downloading malware, or sending your ID to a site. Numerous click-jacking scams have employed “Like” and “Share” buttons on social networking sites. Disable scripting and iframes in whatever Internet browser you use. Research other ways to set your browser options to maximize security.

Doxing – Publicly releasing a person’s identifying information including full name, date of birth, address, and pictures typically retrieved from social networking site profiles. 

Elicitation – The strategic use of conversation to extract information from people without giving them the feeling they are being interrogated. Be aware of elicitation tactics and the way social engineers try to obtain personal information.

Pharming – Redirecting users from legitimate websites to fraudulent ones for the purpose of extracting confidential data. Watch out for website URLs that use variations in spelling or domain names, or use “.com” instead of “.gov”, for example.  Type a website’s address rather than clicking on a link.

Phishing – Usually an email that looks like it is from a legitimate organization or person, but is not, and that contains a link or file with malware. Phishing attacks typically try to snag any random victim. Spear phishing attacks target a specific person or organization as their intended victim.

Phreaking – Gaining unauthorized access to telecommunication systems. Do not provide secure phone numbers that provide direct access to a Private Branch Exchange or through the Public Branch Exchange to the public phone network. 

Scams – Fake deals that trick people into providing money, information, or service in exchange for the deal. If it sounds too good to be true, it is most likely a scam. Cybercriminals use popular events and news stories as bait for people to open infected email, visit infected websites, or donate money to bogus charities.

Spoofing – Deceiving computers or computer users by hiding or faking one’s identity.  Email spoofing utilizes a sham email address or simulates a genuine email address. IP spoofing hides or masks a computer’s IP address. Know your friends, co-workers, and clients and beware of those who impersonate a person or service provider to gain company or personal information.
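
The Pharming advice above (watch for spelling variations and for “.com” in place of “.gov”) can be automated. The following is an added example, not part of the original course material: it compares a link's domain against a list of sites you trust. The list, the sample URLs and the function names are constructed for illustration, and the check for a trusted name buried in a longer host goes slightly beyond the two cases the text names.

```python
from urllib.parse import urlsplit

# Constructed allowlist (assumption): domains the user really intends to visit.
KNOWN_GOOD = ("irs.gov", "examplebank.com")

def edit_distance(a, b):
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def hostname(url):
    """Lower-cased host of a URL, accepting links written without a scheme."""
    if "//" not in url:
        url = "//" + url
    return (urlsplit(url).hostname or "").lower().rstrip(".")

def check_url(url, known=KNOWN_GOOD, max_typos=2):
    """Classify a link as ok, a look-alike of a trusted domain, or unknown."""
    host = hostname(url)
    # Naive registered domain: last two labels (ignores suffixes like co.uk).
    domain = ".".join(host.split(".")[-2:])
    if domain in known:
        return "ok"
    name, _, tld = domain.rpartition(".")
    for good in known:
        good_name, _, good_tld = good.rpartition(".")
        if name == good_name and tld != good_tld:
            return "tld-swap of " + good       # e.g. ".com" instead of ".gov"
        if tld == good_tld and 0 < edit_distance(name, good_name) <= max_typos:
            return "misspelling of " + good    # e.g. "1" typed for "l"
    for good in known:
        # Trusted name used as a prefix of an unrelated domain.
        if host.startswith(good + ".") or "." + good + "." in host:
            return "embeds " + good
    return "unknown"

if __name__ == "__main__":
    for sample in ("https://www.irs.gov/refunds", "http://irs.com/refund",
                   "https://examp1ebank.com/login",
                   "https://irs.gov.account-verify.example/login"):
        print(sample, "->", check_url(sample))
```

Very short names produce false positives with a two-edit threshold, so treat a "misspelling" result as a prompt to type the address yourself rather than as proof of fraud.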

The following lessons outline all the different types of Cyber Attacks that we face on a daily basis, and will teach you how to recognize and avoid them, and what to do if you become a victim.