The Anatomy of an Attack


Did you know that October is Cybersecurity Month? I would like to share an alarming statistic: a Europol threat assessment reported that cybercrime is a three trillion dollar business. That dollar amount is higher than the drug trade in heroin, marijuana and cocaine combined. I hate to paint such a bleak picture for a cybersecurity forecast, but I am not sure how we can turn this negative into a positive.

However, it is always a good idea to begin with the basics and to promote understanding. Let us start by recognizing what a cybersecurity attack is and how malware infects a device and spreads to others. Professionally, we call this the anatomy of an attack, and this is how it works.

There are seven stages in the anatomy of an attack:

The first stage is reconnaissance. Reconnaissance is the most critical part of the seven stages and involves an attacker finding vulnerabilities, also known as gaps.

The second stage is weaponization. Weaponization builds a malicious attachment. What is a malicious attachment? A malicious attachment can, for example, come in an email in which the user clicks on the attachment. The attachment can be a .pdf, .docx, .jpg, etc. This is one of the reasons why you may often hear that you should be careful about what you click, even if you know the person who sent you the email.

The third stage is delivery. While in the prior stage I mentioned email, the fact is that social media has become a very large conduit for the distribution of malware. So, you need to be extra careful while on your favorite social media sites and not automatically click on a link.

(Personally, between you and me, the three-minute cute dog video will get me every time. I am sure of it.)

The fourth stage is exploitation. Exploitation occurs when the attachment is opened and the vulnerability is exposed. This stage can be complicated to understand in that the vulnerability is not taken advantage of until the fourth stage, but let us take the example of a bank. I do not believe that a robber would just go and try to steal money. They will usually go and investigate the bank to see if there are any weaknesses. Once they find a weakness, they develop their plan around it. It is the same with cyber, except that the bank is your asset. That is why basic computer hygiene, such as patching, is so very important: it closes the vulnerability and makes the cybercriminal work harder.

The fifth stage is installation. The malware immediately installs on the device.

The sixth stage is command and control (C&C), which is how the cybercriminal takes control of the device.

The seventh stage is actions and objectives. This is the stage where the attacker is able to execute on the objective, which may include data exfiltration, or just sit quietly on the device, waiting.

According to healthcare professionals, there is a golden hour: the probability of survival following a traumatic event improves if a patient is treated within an hour. It is the same for a device infected with malware. If you can treat the device within an hour, the malware will do less damage than malware that is able to mutate and infect not only your device, but others on the network you share.

In cybersecurity, the mean time to detect (MTTD) and the mean time to respond (MTTR) are critical factors in staying safely connected.
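To make these two numbers concrete, here is an added example (not part of the original post) that works out MTTD and MTTR from a few constructed incident records and lists the incidents that missed the golden hour. It assumes MTTD runs from infection to detection and MTTR from detection to treatment; the incident IDs and field names are made up for illustration.

```python
from datetime import datetime, timedelta
from statistics import mean

GOLDEN_HOUR = timedelta(hours=1)

# Constructed sample incidents (not real data): when the device was infected,
# when the infection was detected, and when the device was treated.
INCIDENTS = [
    {"id": "INC-1", "infected": "2023-10-02T09:00",
     "detected": "2023-10-02T09:20", "responded": "2023-10-02T09:50"},
    {"id": "INC-2", "infected": "2023-10-05T14:00",
     "detected": "2023-10-05T16:00", "responded": "2023-10-05T17:30"},
    {"id": "INC-3", "infected": "2023-10-09T08:00",
     "detected": "2023-10-09T08:40", "responded": "2023-10-09T09:40"},
]


def minutes(delta):
    """Convert a timedelta to minutes."""
    return delta.total_seconds() / 60


def summarize(incidents):
    """Return MTTD, MTTR (in minutes) and the incidents treated too late."""
    detect_times, respond_times, missed = [], [], []
    for inc in incidents:
        infected, detected, responded = (
            datetime.fromisoformat(inc[key])
            for key in ("infected", "detected", "responded")
        )
        # A record whose timestamps run backwards would skew both averages.
        if not infected <= detected <= responded:
            raise ValueError(f"{inc['id']}: timestamps out of order")
        detect_times.append(minutes(detected - infected))
        respond_times.append(minutes(responded - detected))
        # Golden hour check: treated within one hour of infection?
        if responded - infected > GOLDEN_HOUR:
            missed.append(inc["id"])
    return {
        "mttd_minutes": mean(detect_times),
        "mttr_minutes": mean(respond_times),
        "missed_golden_hour": missed,
    }


if __name__ == "__main__":
    print(summarize(INCIDENTS))
```

Notice that an average can look acceptable while individual incidents still run past the hour, which is why the list of late incidents is reported alongside the two means.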
