Normally a hacker attack follows a gradual process, characterized by several steps. Some of them start months before the targets are hit.
Despite the sacrifices, especially economic ones, made to strengthen their information security systems, companies and institutions, which are reservoirs of valuable information, continue to be hit by hackers, as shown by the recent malware attacks that claimed many victims.
First WannaCry and then Petya, two very dangerous ransomware strains, have spread panic in half the world, violating hundreds of thousands of computers and holding the data of the affected companies hostage. Above all, in line with the modus operandi of this type of malware, they demanded the payment of a ransom. That is money that, as many experts suggest, should never be paid, for two reasons: you cannot be sure that the hackers, once they have the money, will keep their word, and (most importantly) you would feed their criminal activity. The problem is that most companies are not yet able to cope with a computer breach.
Normally a hacker attack follows a gradual process, characterized by several stages, some of which begin months before the targets are hit.
First phase: target identification
First, hackers need to identify a target to hit and plan how to set up the attack. Generally, the motives that drive hackers are always the same: economic gain, the chance to steal valuable data, or the desire to damage the company. Once the target has been identified, the study phase begins. Cyber criminals start to collect information about the company and especially about its security system. They set up a social engineering campaign, a technique used to extract useful data to be used in the attack. The hackers create a fake website, visit the premises and attend the events organized by the company, in order to know everything about the target. At this point, the planning of the attack begins.
Second phase: intrusion
Based on the information gathered in the first phase, the hackers choose how to breach the company's security system. In this phase, cybercriminals enter on tiptoe, hiding their weapons on the machines to be hit. Silently, perhaps using phishing techniques, they steal the credentials of the protection network or install malware on the computers. The goal is to gain control of the devices remotely. This is a very delicate phase, on which the success or failure of the breach depends.
Third phase: study of the company network
Always staying under the radar and acting as an authorized user, the hacker studies the company network, mapping the servers and the whole protection network. The main purpose is to widen the compromise as much as possible. In this phase the cybercriminal, working secretly as if he were a virus, analyzes the system, trying to find out where the databases that keep sensitive information, such as the passwords to access the protection network, are located. Normally, this occurs months or weeks before the attack is detected.
Fourth phase: access to company data
Once the credentials are obtained, the hackers take control of the company's computer systems. The attack enters a critical phase, because the hackers compromise all channels of the protection network and are now ready to make the breach public. In this step, the cybercriminals have access to all of the company's servers: emails, sensitive documents, customer information.
Fifth phase: the final attack
In the last phase, the cybercriminals come out into the open and put their ultimate goal into practice: to block the company's activities and ask for money in return. The data contained in the affected machines is encrypted through ransomware. By then it is too late to stop the cyber threat, which began months before it was detected. The problem is that hackers, using legitimate systems, infiltrate the company's protection network without leaving a trace.
How to Protect Yourself
Investing in cyber security means more than just using sophisticated protection systems. It's very important to keep your devices up-to-date (it only takes one computer vulnerability to compromise your entire network) and to prepare your employees to deal with hacker attacks. As we have seen, hackers are able to obtain access credentials to the company network through phishing, a deceptive technique with which victims are led to reveal secret data.