Understanding an Attack

This diagram illustrates a typical cyber attacker's approach. Note that antivirus is not enough. A multi-layered approach is required to minimise harm, damage and therefore cost to your valuable business.

Initial Access: Through spear phishing emails sent to your staff with a malicious link or file attachment. Another method is to exploit a vulnerable service such as a web browser. At this point, antivirus and firewall have already been bypassed. With initial access, however, an intruder cannot achieve a great deal, so the next step is to increase access.

Increase Access: Typically a hacker will search for your encrypted password or, better, the administrator password. If any passwords obtained are weak, the password can be decrypted and used to gain legitimate remote access to your computer. Although remote access is obtained, a reboot of the compromised computer, or some other event, could make it difficult to regain remote access. Therefore, the hacker will attempt to establish permanent access.

Permanent Access: Next, the hacker will install more sophisticated malware on your computer to ensure ongoing access should the legitimate credentials obtained in the previous step fail. This malware is typically ‘quiet’ when calling back home to minimise network traffic and evade network defences.

Execute Intent: The intent could be anything from data exfiltration (unauthorised transfer of data) to using stolen credentials to explore other computers and devices in your organisation.

Network Exploration: The initial computer compromised may not have anything of value. So, moving laterally through your business network and other computers, a hacker will compromise all computers in your business network and continue to look for valuable data such as personal, patient or customer data. Typically, the hacker's built-up knowledge of your compromised network rivals, and sometimes exceeds, that of your own I.T. administrators.

Damage to Your Business
The further an attacker progresses into your systems, the more harm is caused and, consequently, the higher the direct and indirect costs associated with remediation (see Cyber Crime Victim – What it can cost!). A layered security approach is needed that is not intrusive to your business or staff.

The 5 Stages of a Web Malware Attack

A real-life example of the Anatomy of an Attack illustrated above is the web malware attack, which is proving very popular at the moment.

The five stages below show how a compromise can occur in just 0.5 seconds. You do not even need to click on any part of a website to start a malicious drive-by download.

1. Entry Point

You access a legitimate website that has been hijacked. While it looks and functions normally, malware downloads silently and you do not notice that you’re being infected. 82% of malicious sites are hacked legitimate sites.

2. Information Gathering

The initial malware is not entirely effective. It simply redirects to a server in the cloud with details about your computer (i.e. whether you're running Windows/Mac, IE/Safari/Chrome, Java, etc.), setting your computer up for the next stage.

3. Exploit/Leverage

With your computer details known, a suitable exploit pack (more malware) will attempt to take advantage of any vulnerabilities in your computer. The attacker now has remote access to your computer.

4. Infection

With remote access, the hacker will download more malware, such as a key logger, to finally execute their intent.

5. Execution Intent

It all comes together in this final stage. The malware from stage 3 calls home with sensitive information from stage 4, such as login credentials, banking or credit card information, or tricks you into paying directly.

