UK National Cyber Security Centre (NCSC) has issued a paper and an infographic summarizing the key stages of common cyber attacks, in a bid to help individuals and companies to better defend amid the rising cyber threat. The attacker is effectively probing defences for weaknesses that, if exploitable, will take them closer to their ultimate goal.
In a simplified approach, NCSC gathered the four main stages present in most cyber attacks:
- Survey – investigating and analysing available information about the target in order to identify potential vulnerabilities
- Delivery – getting to the point in a system where a vulnerability can be exploited
- Breach – exploiting the vulnerability/vulnerabilities to gain some form of unauthorised access
- Affect – carrying out activities within a system that achieve the attacker’s goal
Survey
Attackers will use any means available to find technical, procedural or physical vulnerabilities which they can attempt to exploit. User error can also reveal information that can be used in attacks. Common errors include:
- releasing information about the organisation’s network on a technical support forum
- neglecting to remove hidden properties from documents such as author, software version and file save locations
Delivery
During the delivery stage, the attacker will look to get into a position where they can exploit a vulnerability that they have identified, or they think could potentially exist. Examples include:
- attempting to access an organisation’s online services
- sending an email containing a link to a malicious website or an attachment which contains malicious code
- giving an infected USB stick away at a trade fair
- creating a false website in the hope that a user will visit
Breach
The harm to business will depend on the nature of the vulnerability and the exploitation method. It may allow them to:
- make changes that affect the system’s operation
- gain access to online accounts
- achieve full control of a user’s computer, tablet or smartphone
Affect
Depending on their objectives, the activities they aim to carry out on your systems will differ, but they can include:
- retrieving information they would otherwise not be able to access, such as intellectual property or commercially sensitive information
- making changes for their own benefit, such as creating payments into a bank account they control
- disrupting normal business operation, such as overloading the organisation’s internet connection so they cannot communicate externally, or deleting the whole operating system from users’ computers.
Source:safety4sea
